[jimmy]

Don't worry about it. It's been happening a few times recently. I've already banned some subdomains.

They use general passwords - such as your username (even vBulletin reports to me if you have used your username as a password) And then a few common passwords like 1234 or 'password' etc.

They do this to gain access to a legit account to post up spam - that looks genuine. Companies pay for services like this, then a couple of years later contact me to beg that spam is removed since google recognises them as spammers and downgrades their google ranking.

So - nothing to worry about. Please make sure your passwords are proper passwords. If someone's account is hacked just give me a shout. I will go ban this sub domain now.