Read this article and download a security tool from downloads.com relating to this term.
Such a tool to download does only make sense if you have no idea why you're under attack. Alex knows pretty well why he's under attack: because he's using an outdated (ancient) version of the script that has known security issues. The attackers know those issues just as well. The only way to fix those issues is to upgrade. I understand that you're trying to be helpfull, but in this case your advice won't help.
You should also add a discliamer to you signup page stating that you will try to prevent it, but you are not resposible for hacking attempts.
What's the benefit of such a disclaimer? If you're aware that your site has security vulnerabilities and you still don't act accordingly, you can be held liable for possible damage, no matter wether you have such a disclaimer or not.
Well i am not a developer myself.
You don't have to be one.
I suggest upgrading as suggested in the docs: doing exactly as suggested there will give you a backup both of your files and your database. This way you can savely go back if the upgrade process should go wrong. The apply the actual update, replacing all customized pages with fresh files of the cpg1.4.12 package. This way, you'll lose your customization for a short period of time, but don't worry: you can apply them carefully, step-by-step after having upgraded.
The budget is $400
Sounds like a fair budget to me. I think you should be able to find a good freelancer to do the job for you.
Joachim