Yea he is getting in touch with me via a email from hotmail, and yea he is really screwing with my mind. i never really had to deal with hacking or guys like this because i generally do honest work. but i had this guy work with me and he had picked a couple of mods and these mods are the ones that want the site. They decided that they should have the forums and not me so thats the reason they are barking up my tree. i changed my forum pass like 2-3 this month and im going to be changing everything else as well.

serious why get worked up over it - kk it more than annoying and is taking up time u dont have but besides that look on it as more of a hindrance than anything else.
Like everyone else said - why would they need cpanel etc if they hacked your site - so you are fairly safe.ALso get in touch with your host and let them know what is happening and see if they can offer any help.Log all chats etc and keep any emails you recieve.

I suggest you ask your host provider to ask hotmail for some help. Attacking a website is against the law and your host provider can press charges.

You've got a rogue staff member from the past is what it looks like to me. Someone who knows a few things but not enough to convince me he's dangerous at all. You have to be more careful in who you give the power to. It's not as easy to take away as it is to give it.

Ignore the emails and report them. The more you answer him the more he knows he's got you. That is a big part of it, knowing he has your mind.

If he was staring at your FTP, he could grab the database. It is BS..

Correct me if im wrong but database is not stored on the ftp - so how can he grab the database from the ftp unless it was stored there for back up purposes.

better yet, put the entire block in iptables if you're on your own box.

if you're on shared hosting, change your database username and password as well. there's the possibility that he has an account on the same shared box and can easily manipulate your db with the proper credentials, regardless of which user root he's running a kiddie script from.

and the guy doesn't sound too smart either... if he can access your database to switch the on/off flag, then he can certainly dump the database into your webroot and simply download it.

Just like someone said at the beginning of the thread, you should contact your host about this. They do this for a living and if they are half decent they will have a standard procedure to deal with these kinds of actions to fill the holes, to track him down and report his information to the proper authorities.

In other words, you got friends, use them!

Well, first of all, he could see your includes/config.php file and download that, get your db info, upload a script to access it, and dump/download the db..

--------------- Added [DATE]1204141158[/DATE] at [TIME]1204141158[/TIME] ---------------

It should also be noted that it would be to his benefit for you to NOT know he took the database. He is just trying to con you into giving it to him because he has no other way to get the data..

Thank you guys for all the help my Host has been notified since sunday and i believe they took the necessary precautions. I'm just glad my site is safe but stuff like this can really get you shook up.