I received this email last night from Paul, our server admin:
I'm looking into a barrage of outgoing spam emails (136 since Feb 10th) from the [bhotr email address] to what looks like random recipients. I'm assuming it's the result of some sort of bad script, trojan, or most likely it's an injection attack. Do you have an updated version(s) of the software you use on your domain? ie. phpbb
There were 46 bots registered since the last purge. BB removed them and we changed the captcha system to reCAPTCHA as well as set the registration approval by Admin (eg: Admin must approve of new member before he/she can post). It seems the bots had bypassed the other captcha system; hopefully this has fixed the problem.
SO: If any new members register, an admin must approve them before they can post. It's obnoxious, I know, but please bear with it for now until Paul and I can make sure there aren't any more problems now that the captcha has been changed.