One of my friend's file directories was compromised. We believe it was via vulnerabilities in WordPress. We're still trying to discover any shell scripts, etc., and investigate just how it occurred.
We're recommending the friend dump everything in the file directory and start fresh without WordPress. As the friend has a vBulletin forum, he'd like to use a fresh SQL database but restore specific tables relating to users, forums & threads. Every other table would be dumped and a fresh one used. The vBulletin file directory would be a complete fresh copy downloaded from the member area.
If somehow the vBulletin users/forums/threads tables have had malicious code inserted into them, etc., how big of a risk would the friend be at, in your opinion, of being further harmed? Could an SQL injection give them rogue access to the friend's file directory, or would just the SQL be affected? I'm aware you can make forum admin accounts, etc., in the SQL and do considerable damage, but we'd take preventative steps in the FTP directory so they still couldn't access the adminCP or find it even if they had SQL access.
If you have a Linux server, I would suggest scanning your complete account for malware using commands like maldet.
If you find any malware, remove it. The next step would be allowing IP-based access to your admin area. Also make sure that you have the latest version of the software installed. If you install themes/plugins, make sure that you get them from a trusted source.
If your db is completely infected, it is not recommended to use it again, as it depends on the code that was injected.
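
On the question of restoring only the user/forum/thread tables: the sketch below is an added example, not code from either poster or from vBulletin. It scans a SQL dump for injected markup or PHP in the tables being kept before they are restored. It assumes one INSERT per line (for example a dump made with `mysqldump --skip-extended-insert`), and the table names and pattern list are illustrative assumptions.

```python
import re

# Tables to be restored; names are assumptions, adjust to the real schema and prefix.
KEEP_TABLES = {"user", "forum", "thread"}

# Heuristic markers of injected active content (constructed list, not exhaustive).
PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "iframe_tag": re.compile(r"<\s*iframe\b", re.I),
    "event_handler": re.compile(r"\bon(?:error|load|click|mouseover)\s*=", re.I),
    "js_uri": re.compile(r"javascript\s*:", re.I),
    "php_eval": re.compile(r"\b(?:eval|base64_decode|gzinflate)\s*\(", re.I),
    "long_base64": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}
INSERT_RE = re.compile(r"^INSERT INTO `([^`]+)`", re.I)
ESCAPES = {"n": "\n", "r": "\r", "t": "\t", "0": "\0"}

def unescape(sql_text):
    """Undo dump backslash escaping so whitespace in patterns matches escaped newlines."""
    return re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), sql_text)

def scan_dump(lines, tables=KEEP_TABLES):
    """Return [(line_no, table, [pattern names])] for suspicious INSERT lines."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = INSERT_RE.match(line)
        if not m or m.group(1) not in tables:
            continue  # tables that will be recreated fresh are not scanned
        text = unescape(line)
        hits = sorted(name for name, rx in PATTERNS.items() if rx.search(text))
        if hits:
            findings.append((no, m.group(1), hits))
    return findings

# Constructed sample dump lines (not real data).
SAMPLE_DUMP = r"""INSERT INTO `user` VALUES (1,6,'admin','admin@example.com','');
INSERT INTO `user` VALUES (2,2,'bob','bob@example.com','<script src=\"https://example.invalid/x.js\"></script>');
INSERT INTO `thread` VALUES (10,'Welcome','<img src=\"x\" onerror=\"load()\">');
INSERT INTO `forum` VALUES (3,'General','Talk about anything');
INSERT INTO `session` VALUES ('abc','<iframe src=x>');
""".splitlines()

if __name__ == "__main__":
    for line_no, table, hits in scan_dump(SAMPLE_DUMP):
        print(f"line {line_no}: table {table}: {', '.join(hits)}")
```

Hits are leads for manual review rather than proof of compromise, since forum content can legitimately quote code.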