I screen each new registration on my boards personally. if something smells even remotely fishy, I reject the registration. I feel it is better to err occasionally on the side of paranoia than to be consistently foolish. Users who seem up to no good, usually are.
I know many board owners or Administrators care more about the quantity of members rather than the quality? I can't tell you how many boards I have seen where the Admins are not employing adequate spam protection on their registration page and allowing their members list to swell with members who are actually automated key machine spambot registrations. I have never read a good post by viagracheappp. Have you?
I feel there is no substitute for an Administrator with a hands on involvement in his board, who takes an active interest in maintaining the quality and integrity of his board. I watch who's online like a hawk. When you see an unregistered guest on a closed, registered members only forum, who is looking at Administrator PM on the who's online list -you should be more than a little curious as to how that could be. I am the only person with Administrative permissions on my board. I don't even have super Mods. I don't even want staff looking at member IPs.
Changing your Administrator password regularly is a good practice. The longer the password the better.
I have a Shoutbox and a Top Stats feature on all my sites; but I have never been hacked or suffered any serious vandalism whatsoever. I know forum Admins who absolutely refuse to use any hack whatsoever because they feel it makes them vulnerable to hackers. It is said those hacks are major security vulnerabilities.
Preventing the ability to use html in posts is a necessity to prevent the embedding of malicious files that could redirect your forum's url. But even then it can sometimes be done with a booby trapped image. Turkish hackers are famous for that one.
I suppose if someone with ability really wants into your forum, there isn't much you can do until you catch them.
My motto? Daily backups - Daily backups- Daily backups!
Best regards,
B.