As some of you know, NeoMallers' database has been accessed through a staff account on this site. Using that account, they were able to disable the security set on this site and run a php code that essentially allowed them to upload a "Shell Tool" This allowed access into the file system (where all the neomallers files are stored). With access to the file system, they were able to retrieve the database password in addition to hijacking the main index.php file of this site which recorded password logins to this site as of March 8th and archived them into a text file.
The bad news is, it appears the entire database was downloaded. the good news is, passwords are stored in an one-way encryption so those of you who used non-dictionary words, you are safe for the most part. [b]But you should still change your passwords.
[/b]
Good news is, there was minimal damage and I was able to trace where and how they got in and every single piece of code they tried to execute and what failed and what actually worked.
Also, moderators no longer have full access to the site. A new "moderation layer" will be developed as time allows in order to restore these powers but in a much more secure environment.
I apologize for this "mishap" and hope it will never happen again.
Pages