Thanks for the reply, Bob. I wasn't aware at the time of my posting that the forum server had been compromised. I wonder if you could disclose the type of information held on the compromised server. For instance, was it just the information we registered with on the forum (ie, our names, email, and street addresses) or was there more sensitive information as well (neteller, etc)? Well, if my experience is any measure, they probably DID have access to the passwords, but I imagine they were in encrypted form only. Meaning that if they had enough time and computing power, they could run an MD5 or crypt() brute-force password cracker and eventually determine a good number of our passwords. Would that be an accurate statement?
I have to take issue with this assessment, but please don't take this rebuttal personally. What you have described is just not how internet email (as defined by the various RFCs on SMTP) works. It works more like the following (simplified greatly for obvious reasons):

1. You send an email to email@example.com.
2. Your outgoing SMTP server says, "I'll take that message and deliver it for you"
3. Your outgoing SMTP server does a DNS query to determine the controlling mail server (MX record) for the recipient domain (in our example, domain.com)
4. Your outgoing SMTP server connects directly to that controlling server and hands the message off to it for delivery
5. The mail server for the recipient domain delivers the message to a local account or another sub-server in that domain (but, and this is important, almost never through an external network)

Thus, there is no "server located between our e-mail server and your e-mail server on the internet". It goes directly from your server to my server. Now, that said, there is the remote possibility that someone installed a network sniffer on a router between your server and mine, but I can tell you that, from my experience, it's nearly impossible to do. The vast majority of internet routers are made by Cisco and run their proprietary IOS software. You have to install a special list of packet matching rules on the router (having full access to it in order to do so) and then point it to a local server to store the raw packets. Then you have to log on to that server and decode the packets and their payload from hex into something readable. Like I said, it's not impossible, but it's non-trivial.

An attacker *could* have installed a sniffer on your server while it was compromised and very easily stored and analyzed any information going through it.
If possible, if you could disclose what kind of information that might be, I'm sure many here would appreciate it (including me).

Again, I appreciate your reply and help you can provide me and other users with regard to what information may have been compromised.

Thanks,
Jeff