News

Just a note of warning - someone hacked an old site of mine that was inactive - but in a sub directory and sub domain. I had forgotten about the site - and they uploaded an image that wasn't an image - and it gave them shell access which gave them much more than control of the sub domain. Just a warning to all -this is an easy exploit - the code was minimal and any old or test sites you have laying about need to have the ability to upload pics curtailed ASAP.

Stupid stupid me. I was "owned" for about 12 hours and I'm still assessing the damage.

PHP-Editors.com and PHP Classes announce a new monthly contest. From June 2003 these 2 sites will offer awards to the highest ranked php class submitted. Prizes will vary from month to month, this month Macromedia Dreamweaver MX and Template Tamer are up for grabs.

Visit the contest rules and leaderboard at: www.php-editors.com/class_contest.php

If you have not already got a free account on PHP Classes - sign-up at: PHP Classes

Best of luck to all who join the contest.

Security issues have been found with Geeklog 1.3.7sr1 (and older versions), one of which actually opens up the possibility to gain Admin control over a Geeklog site. We are therefore releasing Geeklog 1.3.7sr2 and strongly recommend that you upgrade to that version as soon as possible.

There is an upgrade archive (from 1.3.7sr1) available, as well as a full 1.3.7sr2 release. See the documentation for details.

This is the first major security issue with Geeklog that has been found in a long time and that actually enables an attacker to gain Admin control of a site. It was reported to us a few days ago and we are not aware of any sites being hacked as a result of this, since it does require a bit of knowledge to exploit. However, since we do take security seriously, we would like to point out again that it is important that you install this update ASAP.