It is indeed true, back in the day my clans site was hacked 3x and fully wiped 1x. Luckily we did have HD backups on a computer and were able to restore the frontpage, but our forums were lost as were all the pearl databases.

It's a very taxing process having to deal with, and i was telling ɤsyst3m4t1c that we finally did get a guy who locked it down pretty tight, but i couldn't tell you for the life of me what exactly he was doing, so i thought someone might be able to help him out...


(by the way, The Illuminati [Gaming Society], or tI/tIGS (we switched names on our 2nd year) was the clan, we started in Game: The Matrix Online so getting hacked was almost expected, it was like RP IRL lol.)

Erm... not use vulnerable board software etc. Be on the lookout for recent exploits, and do a little research into some of the hacking methods, as I doubt any of the "real" hackers could be bothered breaking into small clansites. They're most likely script kiddies, in which case the solutions are easy to put in practice. Password everything, make sure the power tools are available to the least amount and most trusted of people, and for gods sake, don't choose retarded mods or anyone likely to get phished.

The only other things I can thing of are specific vulnerability like MySQL injection and XSS attacks, but I don't know anything about those.

Was he using his own server or relying on another host?

basic rule I've always heard about this sorta stuff is:

NEVER TRUST YOUR USERS.

Simple as that. Strip the content of html tags, parse it, make it so it corrupt the database, etc.
Link: http://www.addedbytes.com/php/writing-secure-php/