Not-Noticeably.net


All posts tagged with "Security"

CodeGrrl scripts and Surpass Hosting

If by now you aren't aware of the serious vulnerabilities that exist within CodeGrrl.com's most popular scripts then I would recommend that you read this announcement as a matter of urgency.

As a result of the above vulnerability, I have recently discovered that certain people have been telling others to delete the affected file, protection.php, to avoid being hacked.

DO NOT DO THIS.

Deleting protection.php takes away the admin panel's password protection and you will be leaving your scripts wide open to much more than hacking.

At first I thought it was just a misinformed user telling others what they thought was best - I was wrong. Today I was alerted to the fact that it is in fact Surpass Hosting that is spreading this very seriously incorrect advice.

Please spread the word about this. Deleting protection.php is about as secure as leaving it unpatched on the server. You WILL be hacked if you leave it unpatched, and you will also be hacked if you delete it. If you've deleted protection.php, put it back as soon as possible and tell anyone else who may have deleted it to do the same.

If you are at all worried about running PHPFanBase or any other affected CodeGrrl.com script and have decided against keeping said scripts, you need to delete ALL the files associated with the scripts, not just protection.php.

Oh, and Surpass have apparently banned my script, PHPAskIt, because they believed the recent security vulnerability hoax that stated that my script could be hacked like the rest of the CG scripts. It CAN'T. It is not based on PHPFanBase like the vulnerable CodeGrrl scripts are, and can NOT be hacked through protection.php (there is no such file anyway) or through any similar method in other files.

Heh...

21st August 2006 / 11:30


Tagged: CMS, Geekiness, Internet, Rambling, Rants, Security, SEO, WordPress

I have reached new heights of geekiness. Why? Because I am now on the first page of Google when you search for Amelie. :D Yay! I'd been stuck in 11th place (top of the second page) for ages but now I am 10th (including repeated results - I think I'm 7th without). Note that this is on Google.com - I'm still 11th on Google.co.uk. I'm on the first page for most other Google TLDs though. Wonder why Google UK is being so slow to update? Hmph.

Oh yes, excuse the mess - I'm in the middle of having my account moved over to another server. WP has been bouncing up and down all morning and then for some reason all sites on the server were showing up as a client's. Errr, right.

In other highly interesting news, CG was hacked yesterday. This marks the third site in 5 days that I've seen hacked. A couple of the CG staff have been having their sites repeatedly attacked and I have to wonder what on earth they have done to deserve this. Hackers (or "script kiddies" as these people normally tend to be) and spammers earn zero in terms of respect from me. Especially those who lie about stuff they've found in order to make themselves look good and others look bad (thanks for ruining my reputation, kthxihateyoubye). Wow so you've found your way into something that isn't yours. What are you going to do, tell the site owner? No, of course not. You're going to delete all their files, replace them with stupid crap like "H4X0Rr3D bY 1337 kR0o 2 ThOuzAnd SiXxX : mC HaX / HakKa 2k / PeAc3 2 ALL n0 waR", then take some screenshots and plug yourself on Zone H. That's really mature of you. *Rolls eyes*

Anyway. I was going to say that I think WP is a problem and that hackers are finding their way in through there somehow. I'm not sure how, but as soon as I've finished my custom blog script, I am getting rid of WP and replacing it. Hmph.
This post had better not disappear as soon as I've posted it... Bah to nameserver propagation and all that >:(

Edit: Hmph. Since writing this post, Google's decided I'm back to 11th on Google.com and 12th on Google.co.uk. Wah :( Or not! Google is odd.

PHPAskIt Security Vulnerability

It has been brought to my attention that a serious security vulnerability has been reported in all versions of PHPAskIt. The report states that the conversion scripts for Wak's Ask&Answer and the classic Ask&Answer can be hacked through the directory variables.

The security vulnerability is a hoax. The import files CANNOT be hacked through the $qadir and $dir variables even with register_globals on.

I find it such a shame that the person who discovered this has gone round telling everyone who will listen (and every major security site there is) that my script's insecure, but 1) won't inform me (I found out through a Google search) and 2) makes things up. I've contacted them several times but each time the mail has bounced back. *Rolls eyes* How mature.
