SKoT_FX wrote:Please, read "rat-sniffer" is a good way - that was how it is intended. Bad wordage on my part. We've had a lot of customers and friends putting forward theories, offering white hat hacking advice, giving us leads. I simply meant "the suggested theory isn't one we need to consider in this instance".
In cases like this, to be able to "smell a rat" (ie think up avenues for investigation) is an invaluable service and prized skill. This is the sort of thing the Ohmies would get away with saying, doh..!
We will be making an official announcement early next week. After a lot of extremely thorough trawling of logs and web systems analysis, exchanging information with other companies that were similarly attacked by the same hacker, and putting formal legal pressure on ClickBank to reveal the spammer/hacker's identity and address - all of which take time, and have a due process, some of it has involved lawyers - we are now very confident we know what happened, and what needs to happen next, and that its under control.
It is for our web team to make the formal statement next week; but the fact that you haven't heard from us yet was because we were making sure we could demonstrate full understanding of the situation, and prepare proper, detailed duty of care for the next stage. If anything had come to light requiring urgent attention, you would have heard from us much, much sooner.
This is an excellent response and I look forward to reading your official statement.
Thanks,