Now, this wasn't really easy to get, but the person that found the exploit managed to find a few username/passwords and steal some items.
Finding out who did it was trivial. He also told that ex dev how he did it. Normally, I am happy when people find and report bugs, but this guy stole people's stuff, which is a big NO NO.
So I banned his IP and changed his password to see what items I can recover.
He retaliated by posting the code on a few guild forums.
The big problem was that two server developers are away (one is moving, one on vacation). And the 3rd developer was nowhere to be reached. They made a few changes to where the server source is stored, and the fact that we are preparing for a new update and have 2 test servers running didn't help. To make it even worse, I didn't know which source directory is the last one. So I gave the server password to that ex developer, and he managed to find out which is the most likely version. We thought we fixed the problem, restarted the server, tested for the exploit, and it was still there. So we just added a small hack (which is a good hack) and cleared a buffer before any data is processed from a user. This will fix other possibly related bugs. So after another restart, all was nice and well, except that I have to give people the stolen items, which requires a lot of grepping in log files and nice things like that.
So how was your day? :)