If you’re using FA-PHPHosting, PHPClique, PHPCalendar, PHPCurrently, PHPFanBase or PHPQuotes, there are security risks that need to be addressed. You can find more information on Amelie’s website.
I knew I spotted something dodgy with PHPFanBase about mid-October, when I spent so much time staring at it helping Ang.nu to convert. I e-mailed the creator and never got a response. I discovered yesterday it was because it didn’t get delivered. No idea why.
I feel so, so sorry for the ladies at CodeGrrl. I remember how I felt with the whole BellaBook1 fiasco (my fault for releasing a script before I had finished it). I was the only person “damaged”, if I remember right, and I felt like shit for putting people at risk… there are hundreds of people who use CG scripts so they must feel hundreds of times worse.
I’m going for a lie down, I feel ever so dodgy today.
17 Nov at 11:23 am
Ah, first time I’ve seen these two new themes! I have to love the Silhouette, I will always like sunset/sunrise pictures where the foreground is (almost) black. Beautiful. I happen to be lucky and haven’t used any of those scripts. Everybody makes mistakes, though. Hope you had a good lie down. It’s 12:23 am here anyway.
17 Nov at 11:38 am
Yeah, I haven’t used them either, although recently I’ve been reading up on PHP security and going, “oh my god, I’m screwed if anyone heads my way.” Well, maybe not. I don’t use a lot of PHP extras, but a couple… Actually, I’m gonna go fix that now! See ya :P
17 Nov at 12:12 pm
Thanks so much for letting me know, Jem. It turned out to be PHPQuotes that was the culprit. I’ve fixed it now.
17 Nov at 1:35 pm
Yeah, we’re having a bit of a nightmare over at CG. I and some other CG staffers said a while ago that we should change them, but none of the original developers were available. It’s sad that it has to come to this for people to realise there’s a problem. As for the fix posted on the forums, I was PMed by Vikki saying it didn’t really work. I suggest you use the fix I posted on my site or in the bugs thread on CG, it’s a bit more secure.
17 Nov at 4:54 pm
I’ve updated my scripts, thanks for putting the word out. I’ve got PHPFanBase installed for all of my fanlistings :S It would have been quite scary for all of them to get hacked…
17 Nov at 6:31 pm
I hope you feel better soon! :) Take care.
18 Nov at 4:43 am
Bugs and exploits are found in scripts every day. I don’t think that anyone is particularly to blame, it’s easy to make such mistakes. I don’t use any of those scripts, though. XD
18 Nov at 5:45 am
I’ve been a bit alarmed by all this, since I’m pretty ignorant about script security, and probably unaware of ways in which my own scripts could probably be attacked by a determined hacker. Fortunately, they’re probably too obscure for anyone to care – unless the PHPFanBase incidents prompt anyone to switch over :). I need to read up about securing ASP.
18 Nov at 9:27 am
I’m using PHPQuotes…like Gemma above…I’m pretty ignorant about script security. What can I do to fix it?
18 Nov at 9:29 am
Follow the link I posted: http://not-noticeably.net/home/?p=220 … that tells you what to do :)
19 Nov at 7:07 pm
THANKS!!!