Today we received a report about a spamer on the forum. We took action and used the "report spammer" function in Xenforo, but after I had banned the account, I saw the following:
I was still sleeping at that time. The admin.php page is only accesible from my own IP, and my password consists of 15 characters that has been randomly generated, not stored anywhere. Is this some sort of exploit?
Any information about this would be much appreciated!