phpBB is one of the most popular forum software packages out. Because of its popularity, it is also one of the most targeted by spammers and hackers.
To prevent hacking, it's usually a good idea to try to keep your installation of phpBB up to date. Newer versions of the software fix and patch the exploits found in older versions of the software.
Spamming, on the other hand, is something that usually takes advantage of legitimate features and functions of the forum. User accounts are created, and member profiles are filled with information such as links to the spammers' site. Spammers do this with the tools built into the forum itself. Fighting spam, spammers, and spam bots can be a long and tiresome task.
Here are some links that may help you out if you have chosen to use phpBB.
phpBB Toolkit - a great program that helps you manage your forum. it will let you recover from a hack and repair your board, plus let you manage and delete users from the system. it works even if your forum does not.
Easy BotStopper (Modification) - this hides the web URL field during account registration. if the user submits web URL information anyway (a spam bot's script may try to submit web information regardless of visible forms), then the account registration is halted.
Active members Only (Modification) - this sets it so that only activated users are shown in your memberlist. even if a spammer registers an account, his spam filled profile wont show up on the memberlist until they activate (which probably will never happen).
Expire Unactivated Users By Timeframe (Modification) - this gives you an interface to delete accounts from the system that have not been activated. if someone registers, and after a month still haven't activated their accounts, do you really think they were ever going to post something?
Show newest active user (Modification) - this changes the main forum page to list the newest *activated* member instead of the newest registered member.