Problem
You are maintaining a forum web site. Recently, a user reported that their account was hijacked. You check the web server logs and indeed there are indications that requests were send with a valid session cookie authenticating the user but these originated from suspicious IP addresses that are on various black lists and are different from the addresses normally used by the user.
1. Explain the most likely attack scenario.
2. Explain how the attack can be mitigated.
3. Explain one line of Javascript code based on a regular expression and the Javascript function replaceAll() which can be applied to the forum post to prevent the attack. Any other solutions to the problem will NOT be accepted. The regular expression must not filter out any text that could occur in a legitimate forum post. The regular expression must be syntactically and semantically correct.