Tweet
On one of my sites, the admin team received a PM from a user asking to have their account deleted. How can I find the IP address that sent the PM? The user believes his account was hijacked.
To make things more interesting -- it looks like the admin who deleted the account may have been the one to hijack it. According to the logs - this admin edited the users accounts minutes before the PM was sent. Is there anyway I can drill down further to see if the account password was specifically changed?
Thanks
To make things more interesting -- it looks like the admin who deleted the account may have been the one to hijack it. According to the logs - this admin edited the users accounts minutes before the PM was sent. Is there anyway I can drill down further to see if the account password was specifically changed?
Thanks
Comment