It seems that the weakest link was phpBB...maybe a little unfair. The weakest link was the fact that it was version 2.0.11 which had lots of known issues.
So in fact the weakest link was the site administrator being lazy about upgrades in reality. (I know this is a little harsh...but it is true
)The tracing and identification of the hack was an interesting and informative exercise. Come on Mr. VAMP get the full story up for us to read.
The Curly One.