I doubt it has anything to do with nf blocks or not. It's probably another sql exploit that allows the hacker to run the INSERT INTO command via some unprotected textfield or a php variable

[quote=Dmitri]I doubt it has anything to do with nf blocks or not. It's probably another sql exploit that allows the hacker to run the INSERT INTO command via some unprotected textfield or a php variable[/quote] That was exactly what I was thinking too. The exploit would have to do three things: 1. Bypass the "Block neofriends request" 2. Stop alerting the neofriends request 3. Accept the neofriends request. When I was on my account, there was no neofriend request in the events log. (I guess I should ask: Did you guys have an neofriend request event when it happened?) #2 Might happen automatically from the server side because I had "Block neofriends request" enabled. My theory was if I had it disabled, (besides the hundreds of neofriends request), the neofriend request will be sent to the queue in the events and be backed up until my account alone accepts it. It's only a theory I'm testing. I call it a theory because it is untested. I don't know if I am right or wrong, but rather than have it in the back of my mind, I'll just do it. Lastly to kirsty. My post wasn't meant to be offensive whatsoever. Sorry for that post. Last night I lost my temper too, but for another reason and didn't fall asleep til 5 or so. (It's barely 8 now). :P *yawns*

No, if it's sql exploit, all of what you stated does not matter because the the database is being accessed directly, and not via the normal php script. In short, it's basically hacking into the database and adding the person's username into the NF tables

Same position as what I was in this morning, I went to bed sometime around 4 or 5, took me a while to get to sleep, and then a few hours later the alarm went off and no i was with him at the time, no friend request symbol was visible

[quote=kirsty_to_stay]Same position as what I was in this morning, I went to bed sometime around 4 or 5, took me a while to get to sleep, and then a few hours later the alarm went off and no i was with him at the time, no friend request symbol was visible[/quote] *lol*

I dont see how that post is so funny *unsure*

I re-read the post a few times. Perhaps it was the tragedy that kirsty only got a few hours of sleep. If the database is being directly accessed, then my theory above is wrong. But if the database can be access and edited...wouldn't they change something easier...such as the value for number of neopoints on one's (or a new) account? Edit: kristy to kirsty. I didn't look twice at the name and never noticed.

For crying out loud, my name is KIRSTY K I R S T Y u dumb fucks get a brain off ebay NOW!!! RAWWRRRRR! THE KIRSTY REARS UP AND FIRES A MASSIVE BLAST AT YOU AND YOUR PUNY SHOPS! Seriously, like every other person from neopets spells it wrong, is it really that difficult! As for the database stuff I have no idea I know nothing so am unable to comment.

[b]UH OH KRISTY IS VERY VERY ANGRY!!![/b]

omg so red and scary @_@ Edit: ooh that doesnt burn as much :P