In reply to Site Hacked
DosDawg
as noted on the blogs from boonex. there have been two releases that address security problems. but i take the stand sammie has, first of all, read the server requirements that boonex recommends, when you go against what the developer says, then you have to expect to have unpredictable outcomes. now beyond that, if you are on a server where register_globals are ON, then you are defying gravity itself, as stated by php.net, register_globals should be off, and developers should try to write their software so that register_globals are not required to be on.

now when you go to a host where by default, they have turned on register_globals, you have to see the red flags standing up in the air on that one. what happens, is that it doesn't necessarily have to be the dolphin suite that gets hacked, but the server itself, that is the vulnerability more so than the script. once the server is compromised, the culprits will use whatever avenue they can to access sites and deface them, it's a game to them, so one jamokey buys himself a $1.99 hosting account and all his little cronies then try their attacks, once they have a script that has the RFI exploit exposed, then they start posting this information. it's not that any one individual pays the money, look at the sparce wan that was hit, most all kids who have a website, be it php or joomla or whatever, they are most likely on a shared server, then they have their clan, and as soon as they find a script with a hole, and it's posted on the internet that there is a hole in the script, not otherwise accessible but for the script being hosted on a shared server. now what happens is that they load up a remote shell script (php) and they all get busy looking around in the server. why is it they don't get caught you say, well granted it is a shared server account, nobody really cares if the data gets lost or not from the hosting company, just as 100 $1.99 accounts leave, 100 $1.99 accounts come in the next day. this server is not monitored, and you are just fair game when you are on a shared hosting environment.

so yes, you can apply what patches you can find, you can upload the latest release, but to me this is only running on a wing and a prayer. you need to get to a minimum VPS and better than that is a Dedicated server. well i am done rambling

later,
DosDawg
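
An added example, not part of DosDawg's post and not BoonEx code: a small Python audit that reports where register_globals is switched on in PHP configuration text, covering the `register_globals = ...` form (php.ini, .user.ini) and the Apache mod_php `php_flag` / `php_value` form (.htaccess). The file names and contents in `SAMPLE_FILES` are constructed for illustration.

```python
import re

# PHP reads these ini values (case-insensitive) as boolean true.
TRUTHY = {"1", "on", "true", "yes"}

# php.ini / .user.ini form:  register_globals = On
INI_RE = re.compile(r'^\s*register_globals\s*=\s*"?([^\s";]+)', re.I)
# Apache mod_php form:       php_flag register_globals on
HTACCESS_RE = re.compile(
    r'^\s*php_(?:admin_)?(?:flag|value)\s+register_globals\s+"?([^\s"#]+)', re.I)


def find_register_globals(name, text):
    """Return (file, line_no, enabled) for every active register_globals directive."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith((";", "#")):  # commented-out directive
            continue
        m = INI_RE.match(line) or HTACCESS_RE.match(line)
        if m:
            findings.append((name, line_no, m.group(1).lower() in TRUTHY))
    return findings


def enabled_locations(files):
    """Return (file, line_no) for each place that turns register_globals on."""
    hits = []
    for name, text in files.items():
        hits += [(f, n) for f, n, on in find_register_globals(name, text) if on]
    return hits


# Constructed sample: the main php.ini is safe, but per-directory files
# of the kind a shared host might ship re-enable the setting.
SAMPLE_FILES = {
    "php.ini": "; register_globals = On\nregister_globals = Off\n",
    "public_html/.htaccess": "# host default\nphp_flag register_globals on\n",
    "public_html/.user.ini": 'register_globals = "1"\n',
}

if __name__ == "__main__":
    for path, line_no in enabled_locations(SAMPLE_FILES):
        print(f"{path}:{line_no}: register_globals is enabled")
```
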
 
 