After a horrific night when a person stole a moderator's password and deleted all the postings in a forum, i really want to know how this was achieved. You can PM or mail me if you don't want to discuss this issue on a public forum.
Ofcourse it's obvious that there was either a brute force guess with success, or the person used a script to "catch" a password out of a cookie. Altough we've banned the ip from forum and even the whole server, i'm afraid this will happen again. We use the html function and ok, shoot me for that but isn't there a way to do this safe? Will there ever be html in the ubb without danger?
