i dont know how... even i realy dont believe its a session hijacking ...but someone post with my username (webmaster) in my site forum:
www.jadoogaran.orgmy uid=1
i delete the post and ban the poster IP too.
GIjoe i remember your post with the Herko's username a long time ago to show the unsecurity of xoops in that time
now same problem is here.
useing cbb 2.3 ( do you think it is not secure?)
xoops 2.2.4
and protector 2.56 ( im useing protector from its borning time)
autologin for 2.2.4 as well.
and the story is :
i hadthis problem about 2 month ago so ban the IP and everythings were well untill yesterday that i clear my ban IP list and then problem happen again.