Help urgently needed

Discussion in 'HTML & Website Design' started by stevec1, Nov 10, 2012.

  1. #1
    I am posting on this forum in the hope that some of you good people can help me out with a big problem.
    I have had my site hacked after only being live for 2 weeks and have had to take the site offline.
    The site was a game of chance with a 50 / 50 chance of winning and the payment processor we used was Liberty Reserve. The player placed a bet between $0.25 and $50.00 and paid via the SCI at Liberty Reserve and a batch number would be received for this transaction. The API at Liberty Reserve would then send $0.01 back to the player's account to generate a second batch number.
    Using a simple mathematical equation, the result of the game would be decided by these 2 batch numbers and if the player won, the winnings would be paid by the API instantly.
    As mentioned above, someone managed to hack the script and clean out the game's Liberty Reserve account.
    This person placed a bet for $0.25 and this showed on the site as it should have, but then things went totally wrong. Another 67 bets were shown on the site with the same betting time as the genuine first bet but no money was entering the Liberty Reserve account.
    However, the API / Script recognized these bets as genuine and continued to pay out until the account was emptied.
    My question to you guys is: how could this have happened, and what steps can I take in the future to prevent this from happening again?
    The developer that built the site from scratch has been as much use as a chocolate fireguard, his only answer being that he does not understand how this could happen.
    I am not very computer savvy but I do know that the site was built using CakePHP and was hosted on a shared server.
    Any help anyone can offer would be greatly appreciated as I really need to get this site live ASAP.
    Thank you
     
    stevec1, Nov 10, 2012
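Added example, not part of the original post or the site's code: the thread does not establish how the 67 extra bets were created, but whatever the cause, a payout should only be possible against a deposit the server has confirmed with the processor, and each batch number should be usable once. The sketch below assumes a hypothetical `lookup_deposit` callable standing in for a server-side query to the payment processor; table and function names are illustrative.

```python
import sqlite3
from decimal import Decimal

MIN_BET, MAX_BET = Decimal("0.25"), Decimal("50.00")

def open_ledger():
    conn = sqlite3.connect(":memory:")
    # PRIMARY KEY makes "one settlement per deposit" a database guarantee,
    # so repeated or concurrent requests cannot both succeed.
    conn.execute("CREATE TABLE settled (batch TEXT PRIMARY KEY, amount TEXT NOT NULL)")
    return conn

def accept_bet(conn, batch, lookup_deposit):
    """Return the confirmed stake if this bet may be settled, else None.

    lookup_deposit is a hypothetical callable standing in for a server-side
    query to the payment processor; it returns the amount actually received
    for a batch number, or None if no such deposit exists.
    """
    amount = lookup_deposit(batch)      # never trust an amount sent by the browser
    if amount is None or not (MIN_BET <= amount <= MAX_BET):
        return None                     # no matching deposit, or stake out of range
    try:
        with conn:                      # commits on success, rolls back on error
            conn.execute("INSERT INTO settled VALUES (?, ?)", (batch, str(amount)))
    except sqlite3.IntegrityError:
        return None                     # batch number already used: replayed bet
    return amount

def run_demo():
    # Constructed data: one real $0.25 deposit, the same bet submitted 67 more
    # times, then a bet citing a batch number that was never paid.
    deposits = {"B1001": Decimal("0.25")}
    conn = open_ledger()
    requests = ["B1001"] * 68 + ["B9999"]
    results = [accept_bet(conn, b, deposits.get) for b in requests]
    return sum(r is not None for r in results)

if __name__ == "__main__":
    print("bets accepted:", run_demo())
```

The payout step would run only when `accept_bet` returns a stake, and would compute winnings from that confirmed amount rather than from anything in the request.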