vBulletin hacked forums: Clean Up Time
Step 2. Put up forum wide announcement for folks to mention the breach and need to change their password
Step 3. Review your admin users in your administrator usergroup. Then take notes on the exact username used as well as the userid they belong to. You may need this information for running a check against vB adminlogs. Then delete any that don’t belong. Don’t ban them. Don’t make them regular users. Delete them. But if you didn’t take notes of the exact username and userids the hacker created, you can also find them using vbplugincheck.sh tool outlined below.