The log's are scanned for injection attacks and any malformed url's are listed nightly in my logwatch. I of course mysql_real_escape_string() everything that is remotely entered.
Also nafe you do not have a "@nafe.com" email address in our database.
Since you are long time members its possible when we were compromised a few years ago (we posted news about it when it happened) that they got away with some email addresses. That was on our old server and I do not have the logs for that.
Last edited by Dolby : 12-30-09 at 12:25 AM.
|