Tag: scripts

Faqtastic: Insecure and Error-Prone

I recently took a look at faqtastic, by Cine of INEXISTENT scripts, to try and figure out why a friend was repeatedly being hacked. Much to my disappointment I found several holes in the script, most commonly caused by a lack of validation. It’s also jam-packed with errors (only noticeable when error_reporting() is whacked up […]

Safe Dynamic Includes

I was directed to pootato.org’s Dynamic Inclusion tutorial yesterday by somebody who has been using it, and as a result has been “hacked” — index page defaced as well as a fake banking website/etc put on her web space. This girl could potentially land in serious trouble, depending on how forgiving her hosts are, because […]

Spotting Insecure Scripts

With the current surge in “hackings” (or rather: script kiddies exploiting known holes to deface websites that don’t support their view on the war) I’ve been going through a lot of scripts to find common and easy-to-fix vulnerabilities. With my fingers crossed, and perhaps a naive hope that people don’t release scripts with […]

BellaBook 3.3 is Out

For those who use BellaBook, there’s a new version out. If you’re using versions 3.1 or 3.2, you can download the new version, delete the blank text files in the new one, customise the config.php file to match your current preferences and upload the new admin.php, sign.php and other PHP files over the top of […]

BellaBuffs is Live

As promised on Friday last week, BellaBuffs is live. Admittedly, some of you may have been expecting it three days ago because I cocked up the date at first, but there we go. For those who’ve been living on the moon recently, BellaBuffs is my new flat-file fanlisting management script. Designed for single fanlistings (like […]

PHP Security Article

I’ve released part one of what I hope will be a series of PHP security articles — a PHP Script Checklist for those developing or looking to develop their own scripts. If you have any thoughts on PHP security problems that you’d like to be covered in part 2, or you’re an ‘expert’ and want […]

Fancy a Mint?

I’ve just invested in Mint. I wasn’t sure if it’d be worth it and have been trying to justify the purchase for a few days, as well as convincing Karl that I wasn’t wasting my money (beating a dead horse there) but I’ve only had it about an hour and I love it already. It’s […]

Fanlisting Script Requests

This is generally only applicable to fanlisting owners, so if you’re not an owner or not interested in fanlistings, move on. For those who do own/join fanlistings — what are your favourite features of the scripts that are currently available, and what do the scripts do that you absolutely hate? BellaBuffs (no longer BellaBoffins because […]

I Don’t Use WordPress

I posted a comment aimed at the owner of pixelfx.org on the latest update at CodeGrrl earlier, effectively pointing out that she was still distributing insecure scripts. Shortly after I got a response from an obviously blind butthead making assumptions about my choice of blogging software (apparently using WordPress automatically makes you a lazy or […]

Quick News

Some quick news, because I’m too lazy to blog properly: BellaBook passed 1000 downloads — since I started logging them — today. I started logging them at the end of May, that’s only a month and a bit! I decided against releasing the tutorial on modifying BellaBook into a fanlisting script, because it ended up […]