3
Quote:
he had proven himself by loggin in with the different user accounts and making postings in the forum randomly.
If he has logged in as the user you can see it by looking to the last login date of the users. He did not create new users for that purpose?
Else he has cracked your database and added posts in the tables with the id of the users.
Check if there is an additional database user created.
Check the port for MySQL is closed.
Are the targeted users still able to login?
You have to find the attack vector (cause) in the logs, else all efforts like changing passwords are pointless.
Take a backup of your site and compare it with a previous one.
Install protector or upgrade it to the latest version.
Anyway, never pay anything:
- as it will encourage him by doing this to others.
- as you will be unsure if he will not redo the operation next month.
Even has this means you have to rebuild the site from scratch.