Security Issue in Dolphin

Hi:

We manage one of the largest web-based Yacht Charter resources, boatbookings.com and we would like to develop a user community based around yacht charter.

I have experimented with a lot of applications, TikiWiki, MediaWiki, Elgg, Dolphin, etc. and I had decided to go ahead with a Dolphin implementation. Shortly after I had installed the application, it was exploited and our server was used to attack other servers. I have since removed all traces of Dolphin from our server and am back in the process of evaluation.

I have also done some research and have found multiple references to security issues related to Dolphin.   My second choice which I am back considering is Elgg which seems secure but is less full featured.

I like Dolphin but I really don't want to run the risk of another exploit; our reputation is much too valuable.  Can anyone tell me if there are "best practices" for a Dolphin implementation which can make a Dolphin implementation less exploitable?

Thanks

Hello,

I accept that dolphin has few security issues. I have released a security pack for dolphin after analysing few problems with it. Also they has fixed few in the dolphin version 6.1.3.

If you are hosted with a good host with firewall protected, you site will not be hacked.

We host hundreds of dolphin based sites and has necessary protection in our servers. Till now we have not experieced such problems for our clients.