phpBB.com was cracked. At present, the exploited software was awstats, and not the latest version of phpBB (good to know). Additionally, there are a number of preventative measures that can and should be taken if you are running phpBB to further tighten things down. Probably one of the simplest and best things that can be done is to encrypt your config.php. Nothing quite like having your database username and password hanging out in the breeze in plain text, given there have been, and still are, quite a number of little script kiddie tools that made extracting this data very simple. I didn’t write the code, but more info can be found here about how it works, and the source code too. There are a number of further measures that can be taken to harden the security of phpBB listed on that page as well.
Some should be obvious to anyone serious about running a forum, and a couple may not be so obvious.
PHP is a wonderful thing, it integrates with MySQL slicker than
I’d venture 99% of would-be crackers will just move on to an easier target. The remaining 1% that hang around to see if they can truly break your algo have more than just simply defacing your site going on; they have some sort of “personal” motivation behind their efforts.