I have a fairly popular gaming site that generates a decent amount of traffic. About 3 days ago I logged in to update the news and I noticed that someone had hacked in and was in the prosses of changing all my front page news posts to racial slurs and gay porn. He had already deleted all the forum posts and sent out a mass e-mail to all my registerd members (about 3,500) The e-mail was very hate oriented. The guy that hacked in clamed to be a member of myg0t. I shut down my vps to prevent any more damage. I did not have a recent backup of the MySQL database so I had to roll back the forums to a version over 2 months old.
My question is: How easy was it for him to hack into my page?
Is there anything that I can do to try and prevent a future attack?
I had the mainfile.php and admin.php files permissions set to 644, I have now changed them to 444.

I don't know about hacking so i'm not sure how he got into my site or how I can try and prevent him or somebody else from hacking in. I'm afraid to bring the page back online untill I can get the page secured. any help will be greatly appreciated.
Thank you.

Sorry to hear about your troubles. It is imposible to completely prevent a determined cracker from doing his bad things. There are several things that you can do to help make it harder.

1. Strong Admin Passwords. Now cats name dog name sons birthday. But a real password with letters and numbers, uper case and lower case.

2. When installing XOOPS set another prefix besides the default xoops_.

3. Stay up to date with all security fixes.

4. Use the Protector Module by GIJOE. This module also has the ability to change your database prefix almost automatically (you will need to edit mainfile.php the prefix change)

Like I said these do not completely eliminate your site being attacked or hacked but it will make it harder for a determined one to do, and probably discourage script kiddies also.

HTH.

not sure what version of XOOPS you are using, but the newest update has addressed some security issues and you can also install gi joe's protector module. get it here:
http://www.peak.ne.jp/xoops/modules/mydownloads/

do a search and read some of the posts related to protector.

*EDIT* never mind JD beat me to it..

"Security is not actions, it's process"... If I was read correctly about "VPS" and correctly understand and interpret it - XOOPS was installed on separate box, which have full set of different services (and holes and weakeness). I'm not sure where to start find exploitable entry point - in XOOPS or in the system

I highly recommend if you are running an apache server the module modsecurity and possibly suphp. It could take some effort to set up (depending what you want to use your website for) but it prevents attacks, even attacks we may not know about yet. If you are running the server on your own box, then also chroot apache is a good idea. Of course, right permissions are very important.

Thank you all for your quick responses. I will be looking into all the suggestions. The XOOPS version that I'm using is the latest stable build.