While DDoS attacks are inconvenient for a site owner, it doesn't really make any difference to it's users other than disrupting service. There are no known MyBB vulnerabilities. DDoS attacks won't change this. Any unnecessary plugins should be uninstalled to minimise risk and necessary plugins should be kept up-to-date and only installed from verified sources/authors.
The biggest threat will be social engineering directed at Roosh and anyone with blogs/sites that are influencers in the manosphere as it gains notoriety. Don't think it's just a teenage elite h4x0r in a basement in rural China trying to brute force your accounts. Social engineering is big business.
Be on high alert for phishing emails. Only download anything from well-known sources. Lock down your social profiles (or better yet, delete them). Use a VPN when browsing. Set-up 2 step verification on your Google account. Be aware that your security is only as strong as your weakest link. Any information available on you can be leveraged to gain access to your various accounts.
A few points to anyone concerned with general online security and privacy:
Protect your Google account with 2-step verification
It works by sending a unique code to your phone every time you try to login. No phone=no login. So even if your login details are compromised, you're still safe.
Why is this so important? With a person's Google account you have access to a treasure-trove of information. Payment receipts with last 4 card digits, full names and the ability to request password resets. You should protect this account as you would your identity. Large scale identity theft is very hard to recover from.
Hint: You don't even need a Google account to get the last 4 digits. Call a company like Netflix. Have full name and email address of your victim? Congratulations, here's your new password. Log in and what d'ya know...Netflix shows the last 4 digits under the billing tab.
Have a windows live account? Have you ever paid/registered using that same card? We can now reset your password with the last 4 digits from Netflix. Sometimes you don't even need the last 4 digits. To add a card to your account there is very often little security. What if I were to add a card to your account, then call up? I'd have the last 4 digits already to reset your password.
For obvious reasons, I've given you two security leaks that have recently been patched (Netflix & Windows Live). But rest assured there are many companies, both small and large, that will unknowingly expose you through poor security practices. If you're especially paranoid with something serious to hide, consider using different prepaid cards for any online purchases/subscriptions/hosting etc.
Consider creating an alternate persona
Misdirection gives you control and puts the power back in your hands. I don't just mean a new email address and profile picture, either. Using a site like
fakenamegenerator.com you will be able to create an entirely new identity. You can generate basic information, financial information, physical characteristics, employment, favourite colour and then make social profiles that reflect this.
Protecting information and ensuring meet-up safety
One of the great features of RVF is seeing who is in your city/area to network and grab and beer with. With everything going on members are going to be extra cautious of giving out personal information. Taking the proper precautions can minimise any risk to close to zero.
Firstly, you should never be giving out a personal email if you're worried about getting doxxed. Use a service like Proton Mail (
https://protonmail.ch) that offers end-to-end encryption and doesn't keep IP logs or ask for any personal information.
Next, get a burner phone. No iPhone/smartphone stuff. Just a standard $30 phone with a pay-as-you-go sim (I don't know what they're called in the US). No contracts/personal information needed. You can now discuss meet-ups via phone/email securely with no risk of doxxing.
Meet-up safety is common sense stuff. Reverse image search any photos/social media profiles as you would if you were screening for a SIF. If you can't find a match immediately try flipping the photo horizontally, this is the most common method of avoiding a reverse image search. Give a meet-up location you can monitor from a vantage point until satisfied.
Roosh's sites
Standard Wordpress installs are vulnerable, but all of Roosh's sites (rooshv and ROK) are sufficiently locked down using current best practices. I checked this for my personal peace of mind. If anyone else has a Wordpress site they are concerned about feel free to PM me and I will walk you through hardening it (you don't have to share the link).
My only advice would be to make every company you deal with aware of what's going on and to put a note on your account of no password resets over the phone. Namely Cloudflare and Aweber who have both been compromised numerous times in the past.
All that said, the major hacker networks are either for sale to the highest bidder (an SJW's $5k donations a month won't quite cut it here) or anti-capitalist types targeting corruption in the major corporations. This is almost certainly a white-knight type trying to save face for his fair maiden after their recent loss.
Get in to the habit of implementing basic security measures to protect your identity across the web, not just on RVF, and you will be more at risk from a jealous ex-boyfriend than getting outed for being on the forum.