Hi all --
Just letting you know that our board was recently compromised by an attacker who seemingly gained Administrator access as a new user. They created a new account, and then somehow through POSTing some variables to the main script appeared to gain Administrator access.
I'm not ruling out a hole in PHP, some sort of other strange configuration error, or password compromise that could have been OUR fault, but thought I'd mention this in case anyone else has observed any problems.
Please send me a PM if you have had a similar recent experience, as I'd like to track down the source of this incident.
Again -- I'm not claiming there is a hole. Just suggesting that if anyone HAS seen strange activity where an outside user gained Administrator access to please mail me.
Thanks
