July 31, 2008 by Eric Heikkinen | 17 Comments »
Pligg 9.9.5 (Security Fix)
35,000 emails have been sent out this evening to let Pligg users know that we have a security fix out to patch some of the recent vulnerabilities discovered in the Pligg core. The contents of the email can be found below.
Download Pligg 9.9.5
This week has been a stressful week for many Pliggers due to a security vulnerability discovered and exploited by a few hackers. It seems that even though we have not provided any changes in code over the past several months, three separate people seemed to find holes in the Pligg software all within the same few days. Since we first discovered the problem we have been frantically trying to patch the hole and get a release out to the public, and tonight we are ready to provide you with the first solution in protecting your Pligg site. I must thank many of you for posting to the forums some of the fixes that we have applied.
First, please update to the latest version of Pligg available (currently 9.9.5). This release, which was published just minutes ago, should take care of many security vulnerabilities that the hackers are exploiting. I have also hired a third-party expert to analyze and patch any security holes that might still exist in Pligg. I have also hired a part-time coder to assist in developing Pligg over the next month as we approach 1.0. Any updates that I receive from either of these people will be added to the SVN and shortly after that the next Pligg version.
Second, we are developing a feature that will create registration confirmation emails that will hopefully stop, or at least slow down, spammers and some hackers. You can expect this (along with a new default Pligg template) in version 1.0, which is due out soon.
Third, we will be providing you with frequent updates now through the Pligg blog as we continue to develop and refine our software. I am committed to improving Pligg and bringing in several new free templates over the next month. The latest version of Pligg will now display the latest Pligg Blog titles in the admin panel so you can keep an eye on developments.
Last but not least I must announce our new SVN server URL. We have changed services so that our developers can communicate and track changes better. You can now find our new SVN URL at:
https://pligg.svn.beanstalkapp.com/pligg/
You can also keep track of our SVN changes through Twitter using this URL: http://twitter.com/pligg





July 31st, 2008 at 9:01 pm
Sweet job! I’m excited.
July 31st, 2008 at 9:21 pm
Visit the site http://pligg.svn.beanstalkapp.com/
It shows “Authorization Required”.
We cannot know how to fix the file of Pligg, but pligg.svn.sourceforge.net/viewvc/pligg/ can.
July 31st, 2008 at 9:54 pm
You need to make sure that /pligg is at the end of that URL. You don’t need an account to have authorization; it’s set up for anonymous access:
https://pligg.svn.beanstalkapp.com/pligg/
July 31st, 2008 at 10:50 pm
Okay, so I downloaded the upgrade, but if I FTP upload all the unzipped upgrade files, won’t that just erase everything I’ve done to customize my site? How do I install the upgrade without deleting or overwriting my site?
July 31st, 2008 at 11:04 pm
First: Back up files through the backup option in the admin panel. Get a copy of all of the files and MySQL backed up to your hard drive.
Second: Unzip the latest version of Pligg to your hard drive. Use a program like WinMerge (http://winmerge.org/) to compare files for differences in the /templates directory. Make updates accordingly.
Third: Upload all of the files to your site.
If you don’t want to go through the /templates directory and make updates, I don’t think you will screw up too much with this release. I do suggest that you at least try; using WinMerge is pretty simple to get used to and is a great way to keep your site up to date quickly.
August 1st, 2008 at 4:44 am
Installed without a hitch, but the YGET Admin/Manage Users page is blank (does not show any users, etc.). Other templates show users without any problems.
Any suggestions?
August 1st, 2008 at 12:59 pm
The user admin page seems to work fine for me, could you re-upload the /templates/yget/admin_templates directory and try again?
August 1st, 2008 at 11:58 pm
Thanks for the suggestion.
I tried re-uploading the admin_templates and even re-upgraded, but still no users. The Manage Users pages of two other templates (which have other problems due to the upgrade) show users without any problem. Just the YGET template has this problem.
I will also ask about this in the forums.
August 2nd, 2008 at 5:57 am
I already upgraded to 9.9.5,
but there are still security holes there!!
Still having problems!!
August 2nd, 2008 at 7:39 pm
Thanks I have upgraded!
August 3rd, 2008 at 3:13 am
Thanks a lot! About the email confirmation, I got the commercial module and I have to say, all but itself is not doing much. They quickly overcame it. Good companions are:
1- Good user disabling method that would not reset his email to blank. Need to keep it, and mark him as disabled so that he can’t reuse the same email again. That would help.
2- Submit Anti-Spam plugin was helpful a lot in decreasing amount of spam posts. You don’t take a two-hour nap and find out your Pligg is not what you left it before.
3- Alongside disabling users, I suggest an optional delete of all user posts, comments, and votes, PLUS automatically ban all his submitted domains. Most people we disable submit nothing but spam, so why not automatically ban their spam domains?
Thanks again for your hard work
August 4th, 2008 at 3:00 pm
The email confirmation feature is a great add-on! When do we expect to release version 1.0?
Thanks.
August 5th, 2008 at 9:19 am
Installed this 9.9.5 version, but I’m still not able to change the templates. If I change the values in the template then the site disappears with a lot of errors, and yget is just a common template and can’t make it look celebrific.
October 21st, 2008 at 11:38 am
I have updated but have a problem with the site. When are we expecting V1.0? Thanks
October 21st, 2008 at 12:09 pm
We aren’t very good at sticking to hard release dates, but my estimate will be early November, around two weeks from now.
September 4th, 2009 at 1:30 pm
Is the V9.9.5 a typo? I only see the latest version of 1.0.1.
September 4th, 2009 at 2:57 pm
9.9.5 is a beta version of Pligg. We started over at 1.0.0 for our non-beta series a few months ago.