Man I want to clarify some points:
-This so called hacker used a vuln in your script OR on your server.
-If you are runing some old vBulletin or you have installed a vulnerable plugins or products (and they are a lot) he must have used it.
-This guy IS NOT A HACKER :: he is simply a script kidie or w/e it's called.
what he have simply done is:
Code:
-went to milw0rm (or any other sited that publish 0day exploits)
-have found a 0day exploit.
-he used the dork supplied WITH the exploit to search IN Google for infected sites.
-he just used the Exploit.
so guys don't worry just keep your scripts up to date and you'll be fine.
And yeah don't give you passwords to any one(on the Internet) u don't know who is watching you.