What I have been doing is forcing the user to reactivate their account. I find that is more useful than resetting their password as the user has control of the process. It also means that if the spammer has compromised the users email and has access to the reactivation email, then when they next post it requires approval via a moderator - I've caught two of these already.
I don't feel that phpbb has been compromised - it's more a case of user email accounts being compromised, or users using easy-to-guess passwords
Welcome to the Cumulus Support forum.
Latest Cumulus MX V4 release 4.0.1 (build 4023) - 16 May 2024
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
Latest Cumulus MX V4 release 4.0.1 (build 4023) - 16 May 2024
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
Re: spam
Moderator: mcrossley