Would you believe my site’s been hacked again, this time with Visa phishing material. I’ve removed it all and will likely need to start pleading with Google to remove me from their SafeBrowsing blacklist again. This time though we’ve found the security hole. It seems that register_globals is set to ON on the host server and this is allowing hackers to inject malicious code into PHP scripts within Joomla. I’ve now set this to OFF for my domain, which will hopefully bring an end to the hacking of my site.