There is no user with the admin@localhost email. i only had one and that was mine. i show the rogue login only 4 times but never made it to the admin user page. I have no idea how that was changed as well as the very large lockout number. the many incorrect logins must have been me. anyway i went into the db and was able to change the email and lockout and get back in. I have changed the login and password(harder) and made another superuser just in case. I will now try and find any unusual files and keep an eye out. My question is, can you log into the admin with the admin@localhost still in there as long as the uname and password were always entered correctly? I only ask as we paid someone to upgrade this site to 1.5 over year ago and maybe we never even changed it? I just changed my password yesterday, and had the old and new saved in firefox. so every time I logged in, it was wrong the first time and then the second attempt was correct. i have since deleted the old saved password. I guess what I am saying is....am I the one who triggered the lockout? I find it ironic that the password was changed yesterday and today it was locked out!



