Email addresses are never exposed; that was set up from the beginning. Whoever posted those messages was indeed unwelcome but was annoying spam and not a security violation. Since there was no registration scheme in place requiring verification, as the whole site is still an experiment, it was open registration.
At this point I secured the site, ensured that the data is protected and instituted a registration and message post verification scheme. It will be annoying for the first part (registration and your first ten posts) but will prevent any 'bots' from getting loose and posting more garbage like that.
I also removed the accounts of anyone who registered after 1 January 2016 since they were not verifiable by IP search and did not leave boat model info when they registered. If that inconveniences anyone I am sorry, but it's best not to leave any back doors open. I may need to delete some others if I can't verify them as existing members here.
I left my wonderful world of Wi-Fi a few days ago and am back aboard Adagio. The good thing is that I'm back aboard, the bad thing is that I'm dependent on marina Wi-Fi where I can find it again. Thankfully I can reach the beach bar's wifi and have locked down the registration process. I don't ~think~ that will have any effect on current members, except you'll see the prompt to "verify you're a human" for your first ten posts.
Sorry for the care, I don't think anything is burning and I am glad I checked in today :)
SM 209 "Adagio"
BVI ... with a shiny new AIS transceiver today :)