It's quite unlikely it was done from the outside, unless an older version of vBulletin was being used. The hacker may have had a reason to only do certain things rather than trash the whole forum...but we certainly don't know of any security risks with the latest vBulletin.
One way to find out would be to look at the apache server logs to see if any vb scripts were exploited to gain access...it's not a sure-fire way of telling but if it was done from the outside it was likely to be through that.
Also make sure that only scripts running on the local server can access MySQL...that's a huge security risk if that isn't the case. Check that out with the host to make sure that couldn't have been what happened.
|