Web Hosting Talk







How to protect vbulletin


arvage
06-25-2001, 04:47 AM
My friend is running a vBulletin board just like this forum.
Last week his site was hacked and slowed down for 5 hrs and then completely deleted.
What are the security holes in this board and how to protect
it from future attacks?
Is it better to go for a CGI script or PHP script board?
Any script that could be used to limit the no. of posts
that a member is allowed?
Please in detail.

Jedito
06-25-2001, 05:21 AM
All the site was deleted?
And why do you think that VB is the cause of that?

huck
06-25-2001, 09:22 AM
I doubt he was hacked through vBulletin unless it was a very old version. You need to do some post-attack forensics and find out how the person got in... most likely through an unsecured FTP server, MySQL server, CGI-BIN script, or other service.

vBulletin is fairly secure and if run with the appropriate settings should not compromise the machine because it does not have root access. Of course if the person got root, then most of their access trail is probably gone -- a good reason to have server logs emailed offsite.

thewitt
06-25-2001, 10:55 AM
If someone on the same shared server got to his config file, he could easily have been hacked. His MySQL username and password would be available, and now his database is completely vulnerable.

Since vB stores passwords as plain text, if your friend uses the same password on another vB site that he uses on his own as admin, he has given away his password to any number of other vB administrators. His CP for vB is not accessible to the hacker and much damage can be done with admin privs.

Was this a shared server account? Is everything protected inside suEXEC or cgiWrap ownership changes?

There are many posts on this board that talk about the inherent insecurities of shared hosting accounts...

-t

Pingu
06-27-2001, 02:52 PM
Here's a little extra you can do (as I have done):
Put a .htaccess file in the forum/admin directory and restrict access, and use a login name and password that's different from any vBulletin Admin...

Other than that, the only advice is: install updates, as they usually contain (bug)fixes besides the occasional extra forum functionality.
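
Added example, not part of the original thread: a small shell audit for two weaknesses raised above, a config file that other accounts on a shared server can read (thewitt's post) and an admin directory with no web-server login in front of it (Pingu's post). The function names and the paths passed as arguments are assumptions; nothing here is vBulletin's own code.

```shell
#!/bin/sh
# Added example: audit a forum install on a shared host.
# Usage (paths are whatever your install uses): audit.sh CONFIG_FILE ADMIN_DIR

# Succeeds if the "other" read bit is set on FILE, i.e. any local account
# can read the database credentials stored in it.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Succeeds if DIR/.htaccess exists and has active (not commented-out)
# AuthType and Require directives, so Apache asks for a separate login.
htaccess_has_auth() {
    htfile="$1/.htaccess"
    [ -f "$htfile" ] || return 1
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+(Basic|Digest)' "$htfile" &&
        grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user|group)' "$htfile"
}

# Prints one line per finding and returns the number of findings (0 = clean).
audit_forum() {
    config="$1"
    admin_dir="$2"
    findings=0
    if world_readable "$config"; then
        echo "FINDING: $config is readable by every account on this server"
        findings=$((findings + 1))
    fi
    if ! htaccess_has_auth "$admin_dir"; then
        echo "FINDING: $admin_dir has no .htaccess that requires a login"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_forum "$1" "$2" || exit 1
fi
```

If the web server does not run scripts under the account's own user (the suEXEC or cgiWrap question asked in the thread), tightening the config file's mode may stop the forum from reading it, so a world-readable finding there points at the hosting setup rather than a simple chmod.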