Sounds like an XSS "hack" - Comes down to bad sanity checking of user input, allowing the douche attacker to post content that immediately redirects you to another page
Quick analysis of the situationThis most certainly isn't an Cross-Site Scripting (XSS) vulnerability. All non-existing URLs (404) redirect to the spam site as well. No reflected or stored XSS can do that.
The server running the forum hosts gazillion other sites as well:
http://www.robtex.com/ip/80.237.132.227.htmlAfter quickly testing the other sites they don't seem to be suffering from the same problem. This leads me to believe that the problem has been contained to hollywood-mal.com alone. If I'd have to guess someone has gained access to the control panel / admin interface used to manage the virtual hosting and has managed to modify either the apache2 config itself or .htaccess or other files.
RamificationsFrom the looks of it it does appear that someone is only using the gained access to spam. It however isn't safe to assume this and for instance the phpbb forum user credentials should be considered compromised (that is: everyone should be damned sure they don't use same password elsewhere...). Sure, the passwords are hashed with a pretty good algo these days (salt & slow) but simple passwords are still trivial to crack with wordlists.
Additionally any confidential material (such as private keys, passwords etc) stored on the affected site should be considered tainted.
Incident responseThe only reliable way to mitigate the issue would be to try to find out how the takeover / modifications to the site happened. Only then will it be possible to fix the problem and avoid any future takeover. It could be just easily guessable password for the control panel or something as silly. If there are access logs to the control panel / site admin interface those would be my first interest. That failing it'd have to be mapping all possible access points and then trying to find out if there are logs for those, and checking everything.
In the worst case scenario the access point can never be determined (due to missing/ lacking logging for instance) in which case it can be only matter of time before the site gets owned again.
Of course I can't possibly know of the tools, technologies or software used with this hoster or the particular site (except for the phpbb) and much of this is just huge bunch of guesses.
Example of the redirect follows:
$ echo -e 'GET /x HTTP/1.1\r\nHost: www.hollywood-mal.com\r\n\r' | nc www.hollywood-mal.com 80
HTTP/1.1 302 Found
Date: Mon, 21 Mar 2011 14:15:04 GMT
Server: Apache/2.2
Location: http://tabl[censored]eds.com
Content-Length: 285
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://tabl[censored]eds.com">here</a>.</p>
<hr>
<address>Apache/2.2 Server at www.hollywood-mal.com Port 80</address>
</body></html>
