If you are running 1.4x branch of MyBB please upgrade to 1.4.8. Especially if you are on 1.4.6 or earlier. There is a well-known vulnerability that's rather nasty. Many MyBB sites that don't regularly update are being penetrated. And for those that may say MyBB is insecure. Realise the patch for this bug was released BEFORE the exploit was even published. I helped to find this exploit and within two hours 1.4.7 patch was released. That's how good software manages security. 1.4.8 was just released as well which fixes two minor and one medium risk vulnerability. Upgrading MyBB is very easy so please take the time to do it and subscribe to the newsletter to get update notices. More info here: http://blog.mybboard.net/2009/06/26/mybb-148-released-maintenance-security-release/
This is why we manage our clients' software installs. When a new release comes out, we upgrade all of our clients. Makes our life a lot easier since we deal with fewer hacked sites.
If you were hacked but feel you patched...please check for backdoor... $this->bckdr = '/cache/themes/themes.php'; That's part of the code for a script to use the exploit. If you have that file in your system DELETE IT ASAP. ROOT/cache/themes/themes.php It should not be there.
Yes they are all from this one exploit and it's actually mainly one hacker doing it all. He has logged about 5000 sites exploited.
He hasn't posted a site. Here is a link to a site he is using to post all his exploited, attacked, and defaced sites: http://zone-h.org/archive/defacer=NobodyCoder