Seems like the permissions issue on the aruantec subdomain finally came back to bite them.
When I was performing some work for @ruantec, I noticed that some/most/all of the files in the forum directory had improper permissions, it seems a hacker exploited this and hacked the forums.
Either that or the hacker got in through another back door. When something like this happens it needs to be figured out exactly what they exploited, fix the issue that was exploited, re-upload all files and a database backup from before it was hacked.
However @ruantec can't re-upload the files unless he has FTP access. In order to fix this he needs FTP access so he can set proper permissions on the files and patch up the holes.
From what I could gather, the aruantec forum was using Mybb 1.4.2. Since then a security audit was done on Mybb 1.4.x and some security issues fixed in the later versions of Mybb 1.4.x.
It could of been either of those things or an unknown backdoor that was exploited by these low life scumbags.