What do I do if my community has been hacked?

In order to hack your community, someone has to use a moderator or administrator account. Board hacking always involves account hacking.

Often a hacker will revoke the other administators' powers or ban them, ensuring that only an account he controls has administrative powers. EzOps (board creators) cannot be permanently banned from their own boards. An ezOp should always be able to go into a board’s Control Center and unban herself. If any other admin or mod account is hacked and used to damage your board, you should notify the ezOp as quickly as possible so they can come back and take control. The ezOp needs to step in and immediately remove admin and mod powers from all other users until it is determined which ID has been used to make unwanted changes to the board (the real owner may not be to blame, but someone may have used their account without them knowing). Then, the ezOp can temporarily lock down the board (apply MBA or password-protect the forums) until the board has been restored to its original state (or as close to it as possible).

If the ezOp account itself has been hacked, the ezOp can usually get control of their account back on their own. The first thing to remember is not to panic. If someone has gotten into your account, you can probably regain control on your own.

If the account thief has not changed the password or email address on your account, log in and change the password quickly. You should then log out and log back in with the new password.
If the thief has changed the password, but not the email address, you can request a lost password and it will be sent to your email address. Then log in and change the password.
If they have changed both the password and the email address, you can use your secret question to have a new password sent to your email address. This also automatically changes the password to a random one that you can change after you login.
If you cannot get into your account by any of the above methods, you can file a hacking ticket. You will be asked your secret question or other registration or payment details to prove your ownership of the account.

True hacking is very rare. Many people experience bugs or other routine problems and quickly assume they were hacked. If you simply can’t log in, do not jump to the conclusion that you were hacked. There are many possible causes of login problems. The only real proof that you were hacked is if someone posts with your account, performs an administrative or moderator action with your account, sends an inbox message with your account, or edits your profile.

The majority of board destruction is not done by strangers or hackers, but by rogue admins who got into a disagreement with the board owner. A board is only as secure as its least-trustworthy admin or mod. Don’t give people power over your board if you don’t know them well and trust them completely. Be careful of people you don’t know well who offer to help with the customization of your board and ask for administrative powers. Make sure your mods and admins keep their accounts and passwords secure. If an authorized admin gets angry and deletes all your forums, you have not been hacked! After all, you voluntarily gave that person the ability to destroy your board.

After you regain control of your board, you may need to request a restoral. You should only request a restoral if large numbers of topics or whole forums have been deleted. It isn’t necessary to do a restoral if your colors or customizations have been altered. Those can be redone without doing a restoral.

You and all your moderators and administrators should also resolve to keep your accounts secure in the future. The majory of hacking occurs through a simple guessed password. Make sure you keep it safe.