I would just like to get everyone up to par on whats really going on.
That password page is not a phishing script, it is a shell.
PHP Shell = bash/perl script coded with a php language front end.
The main use for a shell originally was a terminal alternative, but hackers have made it into a hacking tool to gain access to the server and server directory.
The faag hacker ak47 used the exploited vaulnerabillity in quotes.php to inject the shell code allowing server access..
As you may have noticed he gained access to goobs account meaning he has access to the forum database and changed the password manually.
All your info, emails that are on this forum are in the hackers hands now.
As far as getting it fixed if you did not notice goob im guessing attempted to roll back the forum database using an old backup, but it did not update the vbulletin files.
As far as exploits there are multiple vaulnerabilities due to goob adding insecure mods & leaving file permissions set incorrectly.
He has not even tried adding vbulletin security updates so really it does not matter as this site will continue to be hacked.