How to prevent a site from being hacked!?

Technical or otherwise tips would be useful!

ideavirus

3:54 pm on Aug 1, 2003 (gmt 0)

10+ Year Member



Hello,

I have been facing this problem of one of my sites being hacked twice and I need to take proper and immediate action to prevent that from happening again. I need your help in the form of some useful tips to combat these junk heads.

Some of the steps I have already taken, like:

1. Changing the passwords/phrases and making them alpha-numerical.
2. Password protecting some of the directories.
3. Removing those unnecessary files.
4. Blocking certain IPs from certain countries.

I don't know what other steps can be taken to keep it safe from hackers.

Any Technical or Non-Technical - Common sense Approach tips from some experienced and technical webmasters would be very helpful for me.

Thank you very much in advance.

Cheers

[edited by: ideavirus at 4:22 pm (utc) on Aug. 1, 2003]

petertdavis

4:08 pm on Aug 1, 2003 (gmt 0)

10+ Year Member



Are you running any insecure scripts? PhpBB, for example, is a script that gets hacked regularly. If you're using an insecure script, you should either upgrade the script to remove the holes, or switch to a better script.

ideavirus

2:50 am on Aug 2, 2003 (gmt 0)

10+ Year Member



No, I am not using phpBB at all. In fact, I prefer vB for any kind of forums. Rather, I use miniBB when the forums are not that necessary.

Any helpful advice would be useful.

thanks

Jenstar

2:56 am on Aug 2, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



<side note>
phpBB boards generally only have a problem getting cracked when people are running versions 2.0.0 or older (2.0.5 is the current version) or when people forget to delete the install files after completing the installation. Unfortunately, many people don't upgrade (2.0.0 is a couple of years old now) or don't delete those files, which is why people hear about them getting cracked.

BTW, cracked is when they are attacked through the board itself (through an exploit or the install files), while hacked is when the server itself is hacked.
</side note>

petertdavis

3:06 am on Aug 2, 2003 (gmt 0)

10+ Year Member



Sorry, it's just nearly impossible to make a relevant comment without knowing specifics. My comment about phpBB was just a stab in the dark, it could be any of a thousand and one other things. Generally, as Jenstar mentions regarding the phpBB, keep everything (not just scripts, but the OS as well) on your server up to date.

jamesa

3:12 am on Aug 2, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you've already been rooted (meaning someone gained root access to your system) then you got to burn the system. Set up a new server, migrate your data and kill the old. Once you've been compromised you can't trust anything on the system anymore. Hackers will replace common utilities, like 'cd' and 'ls' with trojaned versions - there's just no way of knowing how many backdoors they've created.

Some general guidelines:
- run only the software you need and lock down everything else.
- keep up with security patches on the OS and the software you do run.
- never send your admin or root password in the clear. Use SSH, SFTP, and HTTPS if you have a web-based control panel or even phpMyAdmin, etc.
- have a solid backup and recovery plan.

You really might benefit from getting a security guru to help you lock it down. Good luck.

ideavirus

5:16 am on Aug 2, 2003 (gmt 0)

10+ Year Member



jamesa - Thanks for those tips. Changing the box after getting hacked once does sound rationalistic for me. However, I am still on a shared server and still picking up momentum in terms of traffic and popularity.

My admin did check the logs to investigate how it all happened and did get a lot of clues and the actual IP of the system used to perform such a misadventure. We informed his ISP also about it.

Lucky me, my host takes backups every night and now, my admin makes two copies of my site backups, just in case.

Okay, I have another question: These hackers generally leave the names of their groups when they hack sites. With those names on hand, is it possible to do much better tracking of the culprit? Or can I squeeze any more info using such info?

Thank you for the advice.
Cheers