SteveWh - 4:26 pm on Feb 18, 2012 (gmt 0)
Also ensure that your vBulletin installation, all its plugins, and any other software you use are fully up to date.
Ensure your custom PHP code, if any, is secure against remote file inclusion.
Ensure there are no viruses on any PCs used by your site admins.
And in case it isn't obvious, the same vulnerability that allowed the clear gif to be inserted into your page also gave the attacker sufficient access to copy all your PHP source files (including your contact form handler script), and your databases -- so that explains how they were able to make a working copy of your entire site.