Thanks for the heads up, looks like they came in on the 18th via an exploit. Quite honestly I'm surprised it took this long for that site to get hit with how bad PHPNuke turned out to be.

I killed off all the admin user code and that should stop the trick they used to add their own admin users.