Blesta Website

[Biscuit1001]

I considered Blesta a couple years ago and decided against it, though I couldn't remember why, but there was something that really put me off then. I think I may have just found what it was.

 

Looking at the source code of your own site, which runs WordPress

<meta name="generator" content="WordPress 3.4.2"/>

I thought, wow, there's no way they could be running such an old, out-dated and unsecure version of WordPress...especially with all the focus on the security of the Blesta software. I realize the two could very well be mutually exclusive, but it's not a good sign.

 

I went to Sucuri to do a site check, and I urge you to do the same:

 

http://sitecheck.sucuri.net/results/www.blesta.com

 

 

 

Malware is found specifically in the resellers section.  Malware entry: MW:EXPLOITKIT:BLACKHOLE1

 

I've never found Sucuri to be wrong, but I'm not ruling out that possibility. According to Sucuri you ARE running WordPress 3.4.2. PLEASE tell me that's not true, that Sucuri is somehow wrong. Because if it is true... with all due respect you have no room to be criticizing any other billing systems' code. Running such an outdated install of WordPress is beyond a rookie mistake.

 

Again, let me make my position clear: I'm really hoping this IS a false positive or in error. According to Google, your site is clean.

 

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=blesta.com

 

Sucuri may possibly be making assumptions based on the severely outdated WP Generator tag left behind (though that in itself is a boneheaded move...sorry, but it is).

[Biscuit1001]

http://w3techs.com/sites/info/blesta.com

 

WordPress 3.4.2
(77% of sites use a newer version)

 

PHP 5.3.3
(47% of sites use a newer version)

[Paul]

It's not Malware, it's Hivelogic Enkoder http://hivelogic.com/enkoder/ False positive. Thanks for calling us rookies, and trying to minimize us, classy.

[cloudrck]

If you knew how to decode/unobfuscate javascript or malware, it would take 10 seconds to realize it's to encode their email address from spam bots. You can't depend on automated webapps for reliable malware scanning. They are only good at giving unexperienced people a false sense of security.

 

 

 

 

Sucuri may possibly be making assumptions based on the severely outdated WP Generator tag left behind (though that in itself is a boneheaded move...sorry, but it is).

 

Explain.

 

 

http://w3techs.com/sites/info/blesta.com

 

WordPress 3.4.2
(77% of sites use a newer version)

 

PHP 5.3.3
(47% of sites use a newer version)

What's signifcant about this data?

[Biscuit1001]

You're most welcome. Thank you for the tone of the response...that's all I need to know. And yes, rookies. Leaving a 3.4.2 generator tag in the WP code, total rookie move.

[MemoryX2]

You're most welcome. Thank you for the tone of the response...that's all I need to know. And yes, rookies. Leaving a 3.4.2 generator tag in the WP code, total rookie move.

 

I honestly can't see why it matters. Their busy writing awesome software that works fantastically, who cares if they update their WordPress generator tag?

[cloudrck]

You're most welcome. Thank you for the tone of the response...that's all I need to know. And yes, rookies. Leaving a 3.4.2 generator tag in the WP code, total rookie move.

You've provided no substance to back any of your statements. All you've done is copy and paste what an inaccurate website said in addition to posting statistics of software versions. (rookie move?)

 

Please explain how a tag effects anything.

[Ken]

LOL!

 

You are incredibly naive.  There is no point in even responding to this.     

[Michael]

I have heard it all now, better not find out his website.. Anyway, got a problem don't use it... but it's your loss not ours and zip it.

[wfitg]

The OP seems to place 100% faith in 'on-line' web scanners. Many of them don't scan beyond the first page. Plus, their job is to scan for things that they sell. For instance, Sucuri scans every site for a firewall. If it is missing they try to sell it to you. 

To truly discover if a site has an infection or vulnerability use something like 'Fiddler Web debugger'. Fiddler will even decrypt the traffic.

It may be the OP that is the rookie.

[Michael]

The OP seems to place 100% faith in 'on-line' web scanners. Many of them don't scan beyond the first page. Plus, their job is to scan for things that they sell. For instance, Sucuri scans every site for a firewall. If it is missing they try to sell it to you. 

To truly discover if a site has an infection or vulnerability use something like 'Fiddler Web debugger'. Fiddler will even decrypt the traffic.

It may be the OP that is the rookie.

 

Or the op works for WHM** or another competitor.. or even more a Zombie because they like biscuits, isn't that a kiddie name? 

 

You are correct but they are stupid:

 

Sucuri:

 

 

InterWorx:

 

 

Nope we don't have a firewall Sucuri.

[Nelsa]

Thing is I just search and randomly try 3 scaners from first page from google search results and all shows site "clean" status for blesta.com ,seems OP is look hard for site which will show hacked/infected state (only because they are not whitelisted hivelogic e-mail encrypter/decoder).

And main question is why woud some one bored to scan blesta.com in first place which is handled by WP not Blesta?Just to say one thing,at any other competitors forum/blog topic(and user who post it) like this woudn't last even one minute,they delete topics/post and ban users even for postive reviews....damn this just show how profesional and open these guys are.