Remaining servers need extra pressure from users
Web browsers need to start reporting known security flaws to users visiting a site, by default.
I know there are extensions you can install for this kind of thing in Firefox or Chrome, but I think this shows the need for a installed-by-default warning system. Just like your browser warns you when you visit a site with an invalid/self-signed/expired certificate, it should check a database and warn when you visit a site with a possibly compromised certificate.
If enough users get a warning bar appear when they visit unpatched.com, some of them are going to complain to the administrator of the site, hopefully resulting in getting it fixed.