Pligg 9.9.5 (Security Fix)

35,000 emails have been sent out this evening to let Pligg users know that we have a security fix out to patch some of the recent vulnerabilities discovered in the Pligg core. The contents of the email can be found below.

Download Pligg 9.9.5

This week has been a stressful week for many Pliggers due to a security vulnerability discovered and exploited by a few hackers. It seems that even though we have not provided any changes in code over the past several months, three separate people seemed to find holes in the Pligg software all within the same few days. Since we first discovered the problem we have been frantically trying to patch the hole and get a release out to the public, and tonight we are ready to provide you with the first solution in protecting your Pligg site. I must thank many of you for posting to the forums some of the fixes that we have applied.

First, please update to the latest version of Pligg available (currently 9.9.5). This release that was published just minutes ago should take care of many security vulnerabilities that the hackers are exploiting. I have also hired a third party expert to analyze and patch any security holes that might still exist in Pligg. I have also hired a part time coder to assist in developing Pligg over the next month as we approach 1.0. Any updates that I receive from either of these people will be added to the SVN and shortly after that the next Pligg version.

Second, we are developing a feature that will create registration confirmation emails that will hopefully stop, or at least slow down spammers and some hackers. You can expect this (along with a new default Pligg template) in version 1.0 which is due out soon.

Third, we will be providing you with frequent updates now through the Pligg blog as we continue to develop and refine our software. I am committed to improving Pligg and bringing in several new free templates over the next month. The latest version of Pligg will now display the latest Pligg Blog titles in the admin panel so you can keep an eye on developments.

Last but not least I must announce our new SVN server URL. We have changed services so that our developers can communicate and track changes better. You can now find our new SVN URL at: https://pligg.svn.beanstalkapp.com/pligg/

You can also keep track of our SVN changes through Twitter using this url: http://twitter.com/pligg

17 thoughts on “Pligg 9.9.5 (Security Fix)”

  1. Okay, so I downloaded the upgrade, but if I FTP upload all the unzipped upgrade files, won’t that just erase everything I’ve done to customize my site? How do I install the upgrade without deleting or overwriting my site?

  2. First: Backup files through the backup option in the admin panel. Get a copy of all of the files and mysql backed up to your hard drive.

    Second: Unzip the latest version of Pligg to your hard drive. Use a program like WinMerge (http://winmerge.org/) to compare files for differences in the /templates directory. Make updates accordingly.

    Third: Upload all of the files to your site.

    If you don’t want to go through the /templates directory and make updates I don’t think you will screw up too much with this release. I do suggest that you at least try; using WinMerge is pretty simple to get used to and is a great way to keep your site up to date quickly.

  3. Installed without a hitch, but the YGET Admin/Manage Users page is blank (does not show any users, etc.) Other templates show users without any problems.

    Any suggestions?

  4. Thanks for the suggestion

    I tried re-uploading the admin_templates and even re-upgraded, but still no users. The Manage Users pages of two other templates (which have other problems due to the upgrade) show users without any problem. Just the YGET template has this problem.

    I will also ask about this in the forums.

  5. Thanks a lot! About the email confirmation, I got the commercial module and I have to say, all but itself is not doing much. They quickly overcame it. Good companions are:

    1- Good user disabling method that would not reset his email to blank. Need to keep it, and mark him as disabled so that he can’t reuse the same email again. That would help.
    2- Submit Anti-Spam plugin was helpful a lot in decreasing amount of spam posts. You don’t take two hour nap and find out your Pligg is not what you left it before.
    3- Alongside disabling users, I suggest an optional delete all user posts, comments, and votes, PLUS, automatically ban all his submitted domains. Most people we disable submit nothing but spam, so why not automatically ban their spam domains?

    Thanks again for your hard work

  6. The email confirmation feature is a great addon! When do we expect to release version 1.0?

    Thanks.

  7. Installed this 9.9.5 version.. but still I'm not able to change the templates.. if I change the values at template then the site disappears with a lot of errors and yget is just a common template and can't make it look celebrific..
