Recently, someone was hacking my forum and setting member data file contents to nothing. This rendered certain user accounts with a position of power on my forum to be disabled. I looked at the size of the data files affected through my FTP client and they said zero bytes. I know that it wasn't a server error because every time I would restore the data files, they would be nullified as soon as the hacker realized that they had been restored. Eventually, I just had to disable the forum overnight and stop fighting with the hacker. My forum is in good health now, but I'm not sure how the person was hacking my forum without FTP access. Is there a way to prevent something like this from happening again?

The only two ways I can think of, being familiar with E-Blah is if they did have FTP access at one point, inserted a file which you'd not noticed and when you (presumably) changed FTP details to try to block him out, he could still use his pre-written file from his browser to delete the files?... Look for any files that shouldn't be there, or try to get him active again and look for running processes on the server, see what's what...

one thing i did as an extra precaution is write a bash script to automatically tar up the cgi-bin part of the forums and the blahdocs part (2 separate operations) and every time the automatic backup is done, it checks for a backup older than 30 days and removes the oldest backup. the only downside is not everyone has ssh access and the other one is the files are saved in a user folder (/home/username) instead of the www directory so all restorations will take a bit of time and patience to tinker with.

i hope this issue is figured out so if it is a major issue, it can be fixed.

Yeah, I have a weekly backup scheduled so that if anything terribly wrong were to happen, I could restore a snapshot of my website. However, it would take a while to restore as it's a snapshot of my whole website which is about 1GB. My webhost is on a Windows server so I'm afraid that bash scripting is not an option to create routine backups of the forum and blahdocs. I may be able to setup something similar with Windows however. I could possibly write a Windows program to login to my FTP account and download the forum on a routine basis and zip the contents. It could run in the background as a service and startup everytime Windows starts. I'll play with some options and see what I can come up with.

AutoIT or a batch script could possible do either one and maybe make it a scheduled task