If users have attempted to bypass the avatars in the this will cause that error because they're trying to bypass the available avatars and using their own one (outside of the avatar and/or the custom avatar URL).
This error may also be caused by users who like to use exotic passwords and/or user names.
The best way to avoid this would be to ask them using only letters and numbers.
Usually when there is a hack attempt it means you do not have enough profile fields, so go into ubb_lib.cgi Find: my $maxmemfields = 29; #total fields permitted in member file and change that 29 to a higher number like 34. And you said you had the avatar hack in, that uses a profile field, so that is probably your problem. Hope that helps.
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.