LaviniaFFXI, make sure that the hacker isn't hacking by accessing phpmyadmin or have access to your server by any chance. I suggest you to use random password generators to strengthen your site's security and also access to the websites backend. Then, password protecting your admin director would be a good idea with a strong password to have double layered protection.
I also suggest simplementing a code which only restricts you or other admins you assign to your board to have admin status. I've written a code which disallows any other admins other than myself and a few others to have admin status, anyone else who gets it gets a 'die' (php function) message throughout the whole forum, including admin cp.
Code: Select all
if ( $userdata['user_level'] == ADMIN )
if ($userdata['user_id'] != 2 )
edit: Also update to the latest phpbb version which is 2.0.17