Just like with MS Windows installations, a 'hack' will come in via any known vulnerability. EG a vulnerability in a PDF reader can infect your windows XP machine.
For servers it can be from vulnerabilities in the op system itself, the added 'server' software such as PHP, apache, MySQL etc, the hosting control software such as CPanel, or the installed domain software such as blogging, CMS or forum.
The 'affected' software (EG your phpBB installation) may well not be the vulnerability used to gain access (mostly is not), but may well be the targeted installation for data after they gain access.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing