So, what's up with doku.php being hacked, anyway? Is that a common thing?
Not common. But it depends on how you've set up your site and what security precautions you have taken. Have you set it up for read only to @ALL and write for users? That would be a start if you are having unwelcome visitors. You could also install the captcha plugin or one of the recaptcha plugins. If you know the ip addresses of your users, you can install the abortlogin plugin. If you want to discourage bot registrations, you can install preregister.