Well, I got the access logs from my parent hosting company (who were vey helpful) and it seems the first accesses all came from IP addresses assigned to Romanian ISPs. Pesky Romanians…. I’ve googled around a bit for this ‘zloboz’ name and came up with one of their scam emails here. It’s based off a different site but it looks like the same kind of scam, they must have hacked quite a few sites to base their pages at. It also looks like they didn’t have everything configured properly as there are lots of errors in the logs about php scripts being unable to write to local files. The numpties didn’t setup the file permissions properly! So, any information they did harvest from the silly people who filled in their details is lost in the void 🙂