Quote:
Originally Posted by gb2world
This is really bad. If they had full ftp access - They could also have picked up all the MYSQL password information. All that needs to be changed too. With access to the db - they can cause all sorts of mischief - and can have all customer information.
|
For example, watch for users modifying the database, changing your CC processing to manual and then changing the admin orders email address to theirs.