Worrying

This is quite worrying, I've had an individual, who has gained access to the super moderators accounts, the DB is held outside of the HTML area, and we bounce all ports bar the 80,21,23.

so I'm thinking that they must have got the db somehow??? and decrypted it, he seem to have a problem decrypting password with numbers in them, so have advised all moderators to change their password.

Has anyone any ideas how they have managed to do this.

I've currently got a dialogue running with the indiviual in question (imation) and have his source IP's as he seem to know how to spoof his IP after he found out I had his source one, and has said he gonna let me know how he did it, but....

He' has openly appologised for any disruption he's cause and assured us that he hasn't used or changed any info he's found, which is a good thing....

Thanks in Advance

At first he just registered as a normal user, started sl*gging everyone off, so we deleted his account and banned his IP.

He then spoofed his IP and re-registered and started sl*gging again, again we deleted his account and banned that IP, and went to GoStats (hit/stats counter) and got his source IP and set a mail to his ISP(s).

He then somehow got and logged in as myself and deleted my account, which I restored the DB to the night befores backup

Changed my password to something else (all letters) and he logged in again as myself and posted abusive content, another email was sent to his ISP's and a post was put on my site informing that if he persisted I'd inform internic.

Changed my password again (leters and numbers, which he must have a prob with), he logged in as someone else and posted an apologie and that when I opened a dialogue with him/her to find out how he did it, also advised all members to change their passwords.

It's abit worrying isn't it, we did everything bar bounce his IP at the firewall(s), but chance are he/she'd have spoofed their way around it.