a forum i had for over a year was hacked through an exploit in the shoutbox, had to change a few things and write some htaccess rules, the hacker managed to create 25k admin accounts so had to restore user base from a backup.
i luckily had a small prog running on my server that notified me by email when any admin changes were made so i imanaged to stop any real damage within a few minutes of the first change, although had to take board offline for a few days to patch the holes.
the same hacker also attacked a froum i use a lot ~(nulled-scriptz)~ i emailed the owner of that site with the hackers name address and email details and home telephone number (amazing what you can find out about people using an ip address)
vb forum owners need to check all the scripts and mods they use to see if there are any exploits for them before installing