Am I the only one upset at having to (again) change all my forum and email passwords? We hear about hacking attempts all the time. The time to harden the servers was when you heard of other servers being compromised.... waaay before last week.
I'm seriously hoping this was a wake-up call and you'll be more pro-active going forward.
Also, this little message at the top of the forum is not enough enough. I was on this forum for 3 hours before noticing the message at the top. I believe the standard is to EMAIL all users. Not everyone checks in daily. Not everyone is active.
Congrats for keeping the server up and checking for malware, but IMO, there's room for improvement.