Vanilla Forum Hacked
Well, my Vanilla forum has been hacked, and i come here for some suggestions. Pretty much all of the threads on my forum has been closed, and the title has been modified to state perverted content. Needless to say i swiftly I took my site offline.
Contacted my web host. They have provided me with a backup of my database (not sure how recent it is), and they also said they did a check on my site and found no viruses on it.
After getting that info i assumed that someone must of hacked into my admin account using a brute force script since all of my threads titles were closed. However, upon logging in my password details were the same. If they did hack my admin account then i will assume they would also locked me out. Also, it appears like a new user was made that is locking all of my threads. The user has the permission of a member.
I realize i can delete my forum and import the details of my database, but the thing is i dont know wtf caused my forum to get hacked. If i dont know then what stops them from doing this again or exploiting some other loopholes.
I know that its extremely hard to assist me in this situation but any thoughts would be appreciated. I did have plugins customized designed for my forum, so that could be a vulnerability but right now i have no idea. I can only assume is some type of sql injection exploit as i do allow users to upload files.