n now a days its very easy to inject any forum.You can secure your forum by using following code in your .htaccess
#spam bots SetEnvIfNoCase User-Agent “^EmailSiphon” bad_bot SetEnvIfNoCase User-Agent “^EmailWolf” bad_bot SetEnvIfNoCase User-Agent “^ExtractorPro” bad_bot SetEnvIfNoCase User-Agent “^CherryPicker” bad_bot SetEnvIfNoCase User-Agent “^NICErsPRO” bad_bot SetEnvIfNoCase User-Agent “^Teleport” bad_bot SetEnvIfNoCase User-Agent “^EmailCollector” bad_bot #plagarism bot SetEnvIfNoCase User-Agent “^TurnitinBot” bad_bot #IP bot SetEnvIfNoCase User-Agent “^NPBot” bad_bot #Worm sign SetEnvIfNoCase User-Agent “^LWP::Simple” bad_bot SetEnvIfNoCase User-Agent “^lwp-trivial” bad_bot SetEnvIfNoCase User-Agent “^lwp” bad_bot SetEnvIfNoCase User-Agent “^LWP” bad_bot #Worm sign Order Allow,Deny Allow from all Deny from env=bad_bot