I know this has been talked before but there must be a way to protect posts attachments from any visitor that knows the url. At least force him to register or something.
Recently i have done some work for a script and posted it as attachment in a wpForo forum and after i while i found the attachment link posted in several place.
Searching i found this:
for Wordpress images and attachments. Maybe it could be modified to work for wpForo attachments ?
Or do something like that ?