Actually, he is a hacker.
No. He is a cracker. Wrong terminology and common mistake.
hacker
noun: a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm
cracker
noun: a programmer who 'cracks' (gains unauthorized access to) computers, typically to do malicious things
Crackers are one of the lowest forms of life. Their whole purpose is to destroy with intent to bring themselves fame. Although most of them give up when they realize that there are better ways to go about it.
You should really be more careful about claiming someone is a script kiddy. If he thinks he's being challenged, he will find an exploit for your forums, if he spends a week or more doing it.
Let him go ahead and waste his time. I make daily backups of my site, as does my webhost. Even if he does take it down it will only take a couple more minutes to restore it to its original state as well as discover the flaw using RAW access logs. Plus, supposed "crackers" do challenging things to make themselves feel better. It's not really that much of a challenge to hit someone's personal blog and gallery that barely pull in 30 hits a day.
Have I had my site cracked and defaced before?
Yes, back when I was a naive user that used unsecure software such as PostNuke. But the exploit was one that could easily be found by trawling the software's own security pages. Whoopee... The next Mitnick I presume? Um... No.
Do I care?
Not really. Like I said - Minor inconvenience that no one will notice.
In computing, a script kiddie (occasionally script bunny or script kitty) is a derogatory term for inexperienced crackers who use scripts and programs developed by others for the purpose of compromising computer accounts and files, and for launching attacks on whole computer systems (see DoS). In general, they do not have the ability to write said programs on their own. Such programs have included WinNuke applications and Back Orifice.
Script kiddies, instead of attacking an individual system, often scan thousands of computers looking for vulnerable targets before initiating an attack. The term is also often used as a derogatory term for individuals who do not contribute to the development of new security-related programs, especially exploits, but rather benefit from the work of others.
Still firmly believe that. And, I wasn't personally attacking that individual, just his line of "work".
Be sure to forward this post to him.
Cheers!
Edit: After a simple Google search, it turns out that there are numerous Lacertosums. There is one legitimate one who runs the site http://hackthissite.com and is a legitimate hacker and who discovered the "WebCT 4.1 XSS" exploit. But, as we have discussed before, this is a non-malicious person. Sorry about the confusion.