Pligg sites crashing, getting spammed, and attacked

Pligg Content Management System

I’m a big fan of Pligg – its a free to use web 2.0 content management system – but if you’re going to use it you need to realize it can be quite a handful to keep things operational.  In the last few weeks, some of my favorite Pligg-based sites have become victims of code corruption, security loopholes, and even automated spam attacks.

Of course, just a few weeks ago I posted that one of my sites was taken down by some sort of Pligg security vulnerability that corrupted my administration access and lately I’ve seen similar things happen to other sites before they go down too.

Pligg is free to use, and quite frankly I have no idea what the business model is.  Its on version 9.9.5, but technically everything up to 1.0 is supposed to be beta.  Last year it seemed like one of the major partners behind Pligg wanted to sell it, but this is sort of confusing because of the license it was released under treats it like its open-source.

Well, people do make money on the thing.  There are a lot of templates for sale – and for good reason.  Every time a new security hole is discovered they end up changing enough so that the templates have to also be upgraded.  Its not long before an out of date template starts to create some funky distortions.  Maybe they do have a business model – selling these templates every new version.

Some people (like me) avoided upgrading to keep the “cool template” we had tweaked to kind of look right on an older version.  Well, this is the result:  a massive campaign of Pligg database injections that I apparently got caught up in, too.

I have to say this is a really great piece of software, I still use it myself – just a little more carefully this time around.  It is definitely accessible to technical newbies, but it does take quite a bit of time investment as far as learning the code structures, template variables, and security maintenance.

Remember, even if you’re fully updated to 9.9.5, there is a known Pligg captcha problem!  I recommend using Re-Captcha because it is still working for me so far!

1 Trackback / Pingback

  1. How to Install Pligg on Dreamhost

Leave a Reply

Your email address will not be published.


*