for some reason, i still believe this was done from outside, not on the root. ptbyjason told me that all the hacker did was to show his hidden forums and delete the admin accounts and reinstead himself as admin. aparently, ptbyjason's site is very succesfull, he had his provider called and requested to have his site down by his competition. his site is:
http://www.anabolicreview.com
if the hacker had acces to the root, he would delete all site, is simplier and more efficient. what do you think?