Okay, so here's what happened. We allowed people to register for the site without requiring admin approval because we thought it'd be easier for people to just confirm themselves. The prankster took advantage of this and made his anonymous account without anyone double checking it. He then took advantage of my enabling of html on the forums to post a link that automatically pops up when you open it. He sent this link to the 20 most recent people who logged on, using a script. The pms were sent at exactly 7:00 est I think to those 20 people. I assume this prankster was targeting us specifically. He made two accounts before making the prankster (Anonymous) account to test something (I'll see if I can find out what).
Anyways, the prankster is no hacker. No one's information was compromised, no one has a virus. The link he posted leads to -googlehammer-com which is a prank site. That's ALL the pm does (I checked the code).
It's unfortunate I can't get his IP though I'm sure he'd use a proxy anyways.
Anyways, Mr. Prankster. Thanks for making things difficult for people to sign up now. -_-
Oh, and if I'm missing any details from your fine plans, please do come again and point it out.