Weii, after they did their stuff, i tested the site, went through a checkout, no "whoops" , so, i guess everything is ok for now.
But, should i still place the .htaccess file in the root dir, will it stop this from ever happening again.
code:
php_flag suhosin.session.encrypt off
Soul39




