A security vulnerability recently discovered in PHPizabi originally reported by a local administrator has been confirmed and published by the National Vulnerability Database service of the National Institute of Standards and Technology (NIST) and the DHS National Cyber Security Division (US-CERT) in the National Cyber-Alert CVE-2008-3239 . Due to the great visibility of the NVD/NIST portal which disclosed this information, there have been a number of attacks against PHPizabi websites.

Tough we do not intend to release a security fix for this issue at this time, we want to remind our users of the importance of disabling the "REGISTER_GLOBALS" option of their system. This option will not only enable this vulnerability to be exploited but will also open multiple breaches into your system. Note that if your system is configured properly (with "REGISTER_GLOBALS" disabled), this vulnerability does not apply to your website.

Please read through the documentation at PHP.Net to check if your system is configured properly. Contact your system administrator to take appropriate actions in order to void this vulnerability if your system has the "REGISTER_GLOBALS" option enabled.

This vulnerability affects all versions of PHPizabi 0.8 to HFP3 SF1 (included). There is no security fix pack release planned at this time.

NVD/NIST CVE-2008-3239
"REGISTER_GLOBALS" at PHP.Net

A critical security fix pack has been made available for download. It is suggested that all sites administrators proceed to update as soon as possible.

Download 848 Core HotFix Pack 3 SF1

This is an update to the rumor that PHPizabi is under a DOS (Denial Of Serice) attack since about 3 weeks. On January 27th 2008, the PHPizabi network uppernode started receiving attacks from a few thousand hosts which brought part of the network down. We managed to keep most of our network up and running durig this period with minimal downtime. Unfortunately, due to security matters and to it's nature, the linkage between the PHPizabi Network and the PHPizabi Online (PIO) systems couldn't be moved and stayed down for about 2 weeks.

We confirm that, at this date the attacks are now completely deflected from our network and that all our systems are back up and running.

Sorry for the inconveniences

As Santa, the new year and a probable anterograde amnesia due to alcohol abuses approaches, the team here at PHPizabi wishes to stop for a moment to wish the community a happy holidays season. May health and happiness be with you and your loved ones for the year to come.

Our thoughts go to the less fortunate and to Adam who decided to do his Christmas shopping today, the 23rd.

See you all in 2008, with new and exciting adventures!

R, and the PHPizabi administrative team.