E-Blah Community  /  News  /  Platinum 9 Security Warning
Posted by: Justin, October 28, 2005, 4:07pm
On some servers you can access the member files directly by going to their data file (username.dat).  In previous versions, a .htaccess file was added into the install so no one's accounts could ever be compromised.  However, with Platinum 9, I forgot to add this file, so some servers may be at risk.  To fix this problem, upload the attached unzipped file to the following directories:

/Members/
/Boards/
/Prefs/
/Messages/
/Code/
/Languages/
/Mods/

On most servers, files inside the CGI-BIN are, by default, protected.  Not all servers are like this, though.

Please note that this ONLY works on Apache web servers.  If you are not on an Apache web server you should contact your host on how to disable access to these directories from the web or move them to an area that is not located in the /www/ directory (one that can be seen by others).

Sorry about the problems this may cause...
Posted by: ricardogz, November 18, 2005, 2:28pm; Reply: 1
Also upload to the subdirectories?
Posted by: Craig, November 19, 2005, 3:23am; Reply: 2
Yeah, you need to add this to BHITS, HITS, and the English directory under Languages.
Posted by: Tim Linden, January 19, 2006, 8:48pm; Reply: 3
Umm..  Someone forgot something..  It's "Deny from all" - not "Deny all". You may not notice, but it spewed errors in my error log. You may not have noticed cuz mod rewrite will try to change the url anyways.. (at least it is on mine)
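An added example, not part of the original thread or E-Blah's own code: a Python audit of the directories listed in the announcement (and their subdirectories, per Reply 2) that reports whether each one has a .htaccess with a valid blanket-deny line, flagging the "Deny all" form corrected in Reply 3. The forum root path, the status names and the sample tree are assumptions; `Require all denied` is the Apache 2.4 equivalent and is accepted here as well.

```python
import os
import re
import tempfile

# Directories listed in the announcement; subdirectories are covered by the walk.
PROTECTED = ["Members", "Boards", "Prefs", "Messages", "Code", "Languages", "Mods"]
# Blanket-deny lines Apache accepts: 2.2 syntax and 2.4 syntax.
VALID = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I)
# The malformed line reported in the thread.
MALFORMED = re.compile(r"^\s*deny\s+all\s*$", re.I)

def check_htaccess(path):
    """Return 'ok', 'malformed', 'no-deny' or 'missing' for one .htaccess path."""
    if not os.path.isfile(path):
        return "missing"
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = [ln for ln in fh if not ln.lstrip().startswith("#")]
    if any(VALID.match(ln) for ln in lines):
        return "ok"
    if any(MALFORMED.match(ln) for ln in lines):
        return "malformed"
    return "no-deny"

def audit(forum_root):
    """Map each protected directory (and subdirectory) to its status."""
    results = {}
    for top in PROTECTED:
        base = os.path.join(forum_root, top)
        if not os.path.isdir(base):
            results[top] = "missing-dir"
            continue
        for dirpath, _dirs, _files in os.walk(base):
            rel = os.path.relpath(dirpath, forum_root)
            results[rel] = check_htaccess(os.path.join(dirpath, ".htaccess"))
    return results

def build_sample(root):
    """Constructed sample tree: one correct file, one malformed, rest missing."""
    for d in PROTECTED + [os.path.join("Languages", "English")]:
        os.makedirs(os.path.join(root, d), exist_ok=True)
    with open(os.path.join(root, "Members", ".htaccess"), "w") as fh:
        fh.write("Deny from all\n")
    with open(os.path.join(root, "Boards", ".htaccess"), "w") as fh:
        fh.write("Deny all\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed data, not a real install
        build_sample(tmp)
        for rel, status in sorted(audit(tmp).items()):
            print(f"{status:10} {rel}")
```

To check a real install, call `audit()` with the path to the forum's data root instead of the constructed sample tree.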
Posted by: Craig, January 22, 2006, 1:53am; Reply: 4
Hmmm... that is interesting.  All E-Blah releases including 9.6 have .htaccess files that say deny all.

Justin, you may want to change this :P.
Posted by: sundance, January 22, 2006, 6:31am; Reply: 5
If anyone is interested... I had eBlah .htaccess files dating back to Nov 2004 saying "Deny all".
Posted by: Justin, January 22, 2006, 9:12am; Reply: 6
Quoted from sundance
If anyone is interested... I had eBlah .htaccess files dating back to Nov 2004 saying "Deny all".


Yeah, old versions had the .htaccess files included.
Print page generated: December 3, 2008, 2:54pm