Mickey Mouse Club had Mickey Mouse Security!
Whenever I've installed forum software I've always gone though the code and implemented my own security. It's simple, there are certain query strings that are permitted, and so I check for valid fields. IOW all query strings are formatted as ?FIELD=value. I make sure the FIELD is one that is allowable.
If my code sees an attempt like ?USERNAME=<value>, I ban their IP address the first time. No second chances. If the field is USERNAME, PASSWORD, or if there are too many percent signs % in the URL, I ban them.
Never installed vBulletin, for good reason.
Biting the hand that feeds IT
