Dirk
Since the problem we have been changing all users with Admin access on a daily basis. Additionally our php programmers has today added various lines of code to expand on the data given in the logs.
We will also take your advice to downground the actual Admin user to an ordinary user.
If anything untoward happens in coming weeks I will keep the group informed.
Thanks for everyones help and advice it is appreciated.
Regards
Marites
Quote by
Dirk: The patch should actually protect against spoofing the uid for comment posts. So if you're still seeing posts by user #2, it may be because they are really logged in as that user.
In which case the obvious things to do would be to change the password for that account and drop its session from the gl_sessions table. This would force them to log in again which, hopefully, they can't do without the new password.
If you haven't already done so, it may also be a good idea to "downgrade" that user to a normal user without any admin privileges (at least for the time being).
bye, Dirk