Are you up to date on your software? If its a prevalent attacker then your software/mods are most likely not up to date and contain vulnerabilities. They look for easy targets and they are too hard to find.
They'll find you through a google search either searching for text in the page, the URL etc. If for example phpbb3.0 had a vulnerability and its a bot crawling a quick look at the meta tags would tell it if the forum was updated or not as they were changed in the last update.
I had a mod on a phpbb2 forum that had one vulnerable file, I was on the authors personal mailing list for updates. Shortly after receiving notification and updating the file it suddenly became a very popular file. My logs showed a huge surge in hits for that file and the search string for the specific URL to confirm the file was present.