twice today i have went on my website and it has been defaced im running ipb 2.3.6 with all updates etc but still i get this how can i stop these doing this?
The most incorrect advice ive seen in a while, david. You need to ensure your files have the correct permissions, also ensure that the attacker hasn't uploaded any shells ( he most likely has, as hes using it to change your files and deface ). I highly suggest you also find a new webhost, as the webhost should have better security in place ( mod_security ) Blocking the attackers IP won't stop the defacing, the attacker will just use another IP. Find the hole, and deal with it. Ensure you are running the latest version of IPB.
We'll you're running the latest version of IPB, so that is a plus. I'd recommend scanning your computer for virus/spyware. Change all of your passwords ASAP. If it happens again, find a new hosting provider.
Chances are good that others running ipb have face the same situation (thats if we can be sure ipb has something to do with the hole... it just may have been something else in your files too... IE: a long forgotten contact form, cgi file, etc.) --- then it would be wise to find their user supported forum and see if any solutions have already been posted to secure your site and close the hole.
Look at your raw logs and see what the exploit they used was, if there are none listed then it means they got access from alternative methods such as, key logging, cross-server hack... etc If you find the expliot they used Google it and you should be able to find a patch for it - If not at least contact IBP.