Hi Matt,
I do have some suggestions that might help you as I do have an IT background. Some of this you might already know but this should help with your security issue.
1) Free forum software such as SMF tends to get hacked more than paid forum software as paid forum software has better developers constantly fixing and making improvements. Use a different forum software such as Xenforo. Their newest version has a 1 click update system which makes it easy to keep the forum updated so you don't have to worry about being hacked or the hassle of upgrading the forum.
Note: Forum software does cost $160 a year and does come with support.
2) If you decide to stay with the current SMF forum software, you have to stay on top of the updates. Currently you're using SMF 2.0.15 this 4 years out of date. The latest version of the forum is 2.0.17
3) Remove the version from the bottom of the forum as well as the forum software name. For example, at the footer of the forum it says " SMF 2.0.15 | SMF © 2017, Simple Machines ". Hackers use a bot to scan google for out of date forums or specific forum versions that they know they can hack because they have a working exploit for it. Just by removing that from the bottom of the forum can make a huge difference as they won't have any real way of knowing what forum software you're running or what version number of the forum software you're running and their bots will simply skip over this forum (in most cases).
4) To stop spammers from signing up (again, they use bots to do this 99% of the time), you have to put a question on the sign-up forum that only a real human user would know. For example, "who was the founder of SSL", a bot would not know how to answer this, this will make it nearly impossible for spammers to sign up.
5) Adding an extra layer of security such as invisible re-captcha can also be of great help. A captcha looks like this:
even though some bots can still figure this out, it still works great at stopping most bots/spammers. The invisible re-captcha (also known as Recaptcha v3) is made by Google and is free, users don't have to fill out the annoying image but it still detects and blocks the bots from completing the sign-up form. This might require some coding work but can be done very cheaply (around $100 or maybe less) by a developer.
6) If you're using any plugins on the forum make sure those are also up to date, sometimes plugin developers (usually when it's a free plugin) stop updating it after a while and if that's the case you might want to consider removing those plugins.
7) Require new users to have a certain amount of posts in order to post links on the forms if all else fails spammers hate this and usually just quit and move on to another forum.
These steps stop any forum spam and limit any future hacking attempts.
PS: Please excuse any typos, it's late where I am right now.