My Member's Area access has expired so I can't get the fixed version- usually when there is a security flaw you can get the fix even with an expired licence- but if I can't, can you tell me how to protect myself from the flaw?

I don't mind disabling email to friend, I already did in fact- will that prevent the the board from being exploited?

If not can you say where in the code is the problem? I can update or remove it myself- I don't care if email to friend never works, no on ever uses it anyway.

I commented out all the "Send to Friend" code in misc.php, I hope that is enough.

Additionally you can block the following IP in your server firewall for incoming traffic at least:

124.107.69.104

This is the IP I was attacked from (from this IP only).




Best regards

Commenting out the "Send to Friend" code should also work to patch the issue.