All i could do is done i guess. Html is disabled, the cgi-bin and the html dir have htaccess protection, the person who stole our moderator's password is banned on the whole server with the 3 ip adresses he has used.

Our moderator would never ever share his password, he has changed it to a tremendous difficult one...and i was stunned to see his name with another ip in the recent visitorslist. Obvious he is capable of catching the password(s) and altough i checked for malicious scripts, witch i didn't found, this becomes a huge problem for our community.

What other options do we have?

If you upgraded, turned off HTML, checked every recent post and sigs for scripts, checked the validity of every file on your server, ensured no new admins were added, changed all the admin passwords, and are otherwise sure the server and board itself is not the entry point then the only other likely hole can be your (and your moderator's) computers or the guy's really smart and is packet sniffing everything going to your server (unlikely.)

Check the computers for trojans and backdoors with a recently updated anti-virus program AND an anti-trojan program. Pandasoftware.com has a pretty good online anti-virus and it's free and also provides a free removal tool for the most common viri and trojans. Simply Super Software offers a good anti-trojan program and offers a free 30 day trial.

All said, I'm willing to bet there are still some scripts on your community or residing on your server as graphic files.

I would also advise removing any hacks you've installed.