Anyone ever had one of their forums hit with filesman backdoor script?

One of my sites has, not sure how to remove it, what damage it has done or how it even happened in the first place.

Any help?

There are a big handful of ways to get hacked or backdoored. It's hard to say how it happened or what damage has been done from our position. You will have to find any suspicious files on the server and delete them, change any CPanel/FTP passwords and check for outdated software on your server.

Check all users with Admin permissions. BUT if you find any extra ones just remove all permissions - don't delete the user, because you will be able to check what they have done!

Also, check for any unusual products and plugins and be aware that the hacker will probably have installed some sort of backdoor in the database, so simply replacing all the files won't necessarily solve the problem.