As most of you are aware, some issues were found with some of the CodeGrrl scripts late last year and an announcement was made with the necessary fixes. Unfortunately, despite these fixes being easily and freely available people still ignored the risks (despite hundreds being exploited) or even worse: deleted the protection.php file (which had the original issue in). Deleting protection.php opens up your script control panel to absolutely everyone.
Only recently did Amelie discover that this wasn’t a misinformed user telling people to delete this important file (as I had assumed), but in fact: Surpass Hosting! It amazes me how someone who owns their own hosting business can suggest something so ridiculous, but we won’t go in to that right now..
If you’re a Surpass + CodeGrrl-script user that has deleted their protection.php file, get it added back with the fix as soon as possible. If you’ve told people to delete their protection.php file because of Surpass’ bad advice: tell them now to add it back. Deleting protection.php is as stupid as me giving you the password to my web server control panel.