I have a situation with a previous hostmaster hacking into a customers forum. He is creating his own user accounts even though it is set up to approve users before activating. Other than setting up users I don't see any other signs of him executing admin functions. I of coarse changed the admin username. Obviously he has the old database but I checked and there are no other type 3 users besides the admin. I did not change the database name so he could have downloaded it but I dont know how he could have unencrypted the passwords. Other new users are on hold waiting to be activated but he keeps coming up with new usernames. Can anyone shed light on what he may be doing? Is there a way that he could be using old accounts and changing usernames through a hack?
Topic Locked
Posted - 10 April 2005 : 11:27:38
