I have, or rather, had a secure WWWBoard based forum for my UBB moderators, which was located two directory levels in:
/dirone/dirtwo/index.html (Not the real names, of course)
Dirone was protected via .htaccess - all domains excluding certain IP addresses and domain names are denied entry.
Dirtwo was protected via htpasswd, so even if someone managed to bypass the IP block, they'd still have to know the username and password.
Someone did it.
Well, he got past the domain block. His ISP was explicitly denied access, yet he got in! SOMEONE that I apparently can't trust gave him the username and password for the second directory.
Right now I've replaced the thing with a dummy mockup perl script that will write down the IPs and time of anyone accessing it, just to make SURE that this guy is getting in. Or got in, rather.
I'm very distressed. How did this happen?
I was confident this jerk couldn't get into my forum, but apparently I took things for granted!
Oh, and how I found him....
I did my monthly log download, including the error log. I wrote up a quick perl parser to filter out the interesting stuff into various files. I filtered all the authentication errors into one file, and did IP checks to see who's been poking around when I found him.
Yay.
------------------
"Okay, so I'm not "SANE" so to speak, but uh... I'm the lovable kind of psycho"
http://solareclipse.net/
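The error-log triage described in the post, as an added example that is not part of the original post: it tallies host denials and authentication failures per client IP and lists addresses outside an allowlist that still reached the password check. The log lines, the allowlist and the function names are constructed for illustration, and only IPv4 clients are handled.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in Apache error_log style (not from the original post).
SAMPLE_LOG = """\
[Mon Mar 05 21:14:02 2001] [error] [client 203.0.113.7] client denied by server configuration: /www/dirone/dirtwo
[Mon Mar 05 21:15:40 2001] [error] [client 198.51.100.23] user mod1: authentication failure for "/dirone/dirtwo/": password mismatch
[Mon Mar 05 21:15:58 2001] [error] [client 198.51.100.23] user admin not found: /dirone/dirtwo/
[Tue Mar 06 09:02:11 2001] [error] [client 192.0.2.10] user mod2: authentication failure for "/dirone/dirtwo/": password mismatch
[Tue Mar 06 09:30:00 2001] [error] [client 192.0.2.10] File does not exist: /www/favicon.ico
"""
# Assumed allowlist, standing in for the hosts the outer .htaccess lets in.
ALLOWED = [ip_network("192.0.2.0/24")]

# Accepts "[error]" and "[module:error] [pid N]" prefixes, with or without a client port.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[[^\]]*error\](?: \[pid [^\]]+\])? "
                  r"\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] (?P<msg>.*)$")
RULES = [
    ("host_denied", re.compile(r"client denied by server configuration")),
    ("bad_password", re.compile(r"user (\S+): authentication failure", re.I)),
    ("unknown_user", re.compile(r"user (\S+) not found")),
]

def triage(log_text, allowed=ALLOWED):
    """Return {ip: {"events": {kind: count}, "users": set, "allowed": bool}}."""
    report = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an error line with a client address
        for kind, rx in RULES:
            hit = rx.search(m["msg"])
            if not hit:
                continue
            ip = m["ip"]
            entry = report.setdefault(ip, {
                "events": defaultdict(int), "users": set(),
                "allowed": any(ip_address(ip) in net for net in allowed)})
            entry["events"][kind] += 1
            entry["users"].update(hit.groups())  # usernames tried, if the rule captures one
            break
    return report

def passed_host_block(report):
    """IPs outside the allowlist that still produced a password-layer error."""
    return sorted(ip for ip, e in report.items() if not e["allowed"]
                  and (e["events"].get("bad_password") or e["events"].get("unknown_user")))
```

An address returned by `passed_host_block` produced an error at the password layer without being on the allowlist, which is the signal that the host restriction was not applied to that request.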