Somehow for the past several months it slipped by me that the Pligg forum has been requiring users to log in to a forum account to download anything from any of the forums. That was definitely not my intent, and I now understand some of the frustrations that I’ve heard from users about how the main Pligg download isn’t easy to access. This will be a lesson to me to be more careful about checking the small details, you would have thought that I would have learned through all of the bug testing I do with Pligg.

Downloads in the forum have been straightened out, now you can download the latest version of Pligg without having to register for an account.  Not only can you get the latest version of Pligg, but now the Pligg Templates and Pligg Modules forums are open for download without registration so now you can get all the free templates and modules without having an account. Of course, if you want support you should register an account, and even consider registering just to receive important email updates if a security threat is discovered.

I have decided tonight to retire the Downloads link from the top menu across the site because the forum downloads section wasn’t flexible enough to meet the needs of Pligg users. We no longer have a centralized file area, instead we will rely on forum thread attachments for downloads.

It’s come to our attention that there is an exploit available to bypass the default Pligg captcha method. The security issue seems to be the exploit that the hacker software “Auto-Pligg” is using to skip past user registration. We know what is causing the problem and are working on a fix that should be available shortly on the SVN and in the next version of Pligg which will be out shortly. The next version (9.9.6) will include several more security fixes and a few general upgrades. We also plan to offer a patch download for those who have recently downloaded Pligg 9.9.5 and will only want the updated files.

For now please switch your sites to the Recaptcha or “White Hat” captcha method using your Pligg Admin Panel until we post a solution.

35,000 emails have been sent out this evening to let Pligg users know that we have a security fix out to patch some of the recent vulnerabilities discovered in the Pligg core. The contents of the email can be found below.

Download Pligg 9.9.5

This week has been a stressful week for many Pliggers due to a security vulnerability discovered and exploited by a few hackers. It seems that even though we have not provided any changes in code over the past several months, three separate people seemed to find holes in the Pligg software all within the same few days. Since we first discovered the problem we have been frantically trying to patch the hole and get a release out to the public, and tonight we are ready to provide you with the first solution in protecting your Pligg site. I must thank many of you for posting to the forums some of the fixes that we have applied

First, please update to the latest version of Pligg available (currently 9.9.5). This release that was published just minutes ago should take care of many security vulnerabilities that the hackers are exploiting. I have also hired a third party expert to analyze and patch any security holes that might still exist in Pligg. I have also hired a part time coder to assist in developing Pligg over the next month as we approach 1.0. Any updates that I receive from either of these people will be added to the SVN and shortly after that the next Pligg version.

Second, we are developing a feature that will create registration confirmation emails that will hopefully stop, or at least slow down spammers and some hackers. You can expect this (along with a new default Pligg template) in version 1.0 which is due out soon.

Third, we will be providing you with frequent updates now through the Pligg blog as we continue to develop and refine our software. I am committed to improving Pligg and bringing in several new free templates over the next month. The latest version of Pligg will now display the latest Pligg Blog titles in the admin panel so you can keep an eye on developments.

Last but not least I must announce our new SVN server URL. We have changed services so that our developers can communicate and track changes better. You can now find our new SVN URL at:
https://pligg.svn.beanstalkapp.com/pligg/

You can also keep track of our SVN changes through Twitter using this url: http://twitter.com/pligg

Midphase has kindly set up a coupon code for Pligg users to use when registering for a web hosting account at either Midphase.com and ANhosting.com. The coupon code will get you a free domain for life and 3 months of free hosting. If you are looking for an entry-level host we suggest either of these hosts. And don’t forget to register your domains through Godaddy using our Godaddy Coupon Codes. For a step up in hosting you can try Autica.com or the really cool SingleHop.com for VPS and Dedicated hosting plans.

In the past 48 hours we have learned of 2 separate security exploits in the latest version of Pligg. We have patched one of the issues and the second problem has been fixed in several different ways. This is a warning post to all Pligg users that they will need to keep an eye on the Forum and Blog over the next 1-2 days until we post a proper security fix release. We will provide a new release that will have a patch for these security holes along with many bugfixes and a few new features since the last release from several months ago.

I will be attending the Web 2.0 Expo this year in San Francisco April 22-25, 2008. I thought that it might be a good opportunity to learn about some new technologies and meet and greet some people I’ve looked up to and perhaps in the off chance someone who might look up to me. If you live in the San Francisco area and are attending the Expo please leave a comment if you want to meet with me. If you aren’t planning on attending the Expo I will be setting aside some time outside of the Expo to meet and greet Pliggers who might be interested in learning more about the project. You can also leave a comment if you are interested in meeting me for coffee and I’ll try to plan something out ahead of time.

We’re looking for some new developers with a variety of skills to contribute to Pligg in their spare time. If you have any skills in PHP, MySQL, Javascript, XHTML/CSS, Template Lite, web server admin skills or many other similar talents please contact us by leaving a blog comment or by joining the Pligg Developers Facebook Group. If you have any friends who might be interested in helping out, don’t hesitate to forward them a link to this post or the Facebook group. Being part of an open source project like Pligg provides a lot of programmers with experience and skills that transfer into other projects and jobs. It also will look great on your resume. The biggest joy in becoming an open source developer are the connections and friends that you make along the way.