This might be relevant, although it is disputed:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4453
Nihil,
Regarding that first link -- Their admin does know about and have that script, has things patched up accordingly now in regard to that particular one. Thanks for digging up some research material for me!
Phis,
Check your inbox, sending you two PMs, one with a link to download the logs.
The Wolfman would suggest running a vulnerability scan against the server in question. Since you seem to be running the latest version of vBulletin, it may be a 0-day exploit. Nessus can't identify the 0-day stuff, but at least you can check the system for any major holes. This may identify exactly how your hax0r is getting in.
http://www.nessus.org