Hello, i apologize if im in incorrect forum, or this topic was already discussed.

My forum was hacked twice times today, database deleted and 3 root directory files modiffied (index, forum,showthread)

My target is to discover how they can gain access to my mysql and files. Exactly which log files should i examine to discover it (i have root server access). I dont need IPs but to find the BUG.

- I changed password for cpanel
- i changed user password
- i upgraded to latest vbulletin 4.x.x
it got hacked.

This is my VB plugins list: http://pastebin.com/LQiNK8J3

I dont think my server is exploited. Thanks much!

You need to look at your access_logs

If you hit Install on ibproarcade, then you should have been notified that that modification has been quarantined because of a security issue.

Please what is the address to the access_logs ?

If you don't know where your access_logs are, you will need to ask your host.

I have unmanaged server and my host does not help such things, so im asking if anyone there knows.

But we don't know. You will need to look at your server and see where you have specified to have them saved. Most users have them in a directory called /logs usually above the root folder (so as not to be accessed by anyone).