Nothing you can do against bruteforcing? Ever heard of using a hashing algorithm that isn't fast as balls?
MD5 is not the way passwords should be hashed these days. Look up bcrypt or something else that can't easily be bruteforced. It's not possible to stop someone from bruteforcing sure, but when you use a hashing algorithm that can be computed hundreds of millions of times per second you are doing something wrong... There ARE alternatives.
I do hope I'm behind the times and that IPS doesn't still use MD5 but can't be assed to actually read around the site. So does this mean the account I'm using right now someone may have the hash/salt combo somewhere?
Using strong passwords will help - they likely try common passwords first when doing a bruteforce attack on someone. Though not all blame is on the user, here.