Mindwipe said:
It's not a hacker. Or at least we don't know that it is. Somehow, a spambot got in here with a user ID tag of 0, which shouldn't be possible. But it could be that this is some sort of glitch, not a hack. In any case, the 0 user ID is what causes the page to break whenever it posts anything. I've fixed it for now, but the next time it posts, it'll break the page again.
This shouldn't happen again. The error that allowed people to make pools without being logged in has been fixed. That is what was happening and how the spammer was doing shit.
In short, the pool creation function forgot to check for user permissions before creating the pool. Because the user did not have an ID, the ID value defaulted to 0, which referred to a nonexistent user, thus breaking the pools page as it tried to render.