So today while I was out at work, a -very stupid- team of hackers decided to target my forums. Our FTP is VERY secure, they could not have had any way of getting through my FTP. This leads me to believe that they found some leak or loophole in the PHP of xenforo, considering every site they use is PHP based.
Here is some hotlinks:
The index.php they used (Via mediafire)
The index.php in action on my forums
Their facebook where they have a wall of hacked sites
Their photobucket where half their images are kept
I am not 100% sure how they did it, they may have very well got our FTP; However I am sure if they did that, they'd have damaged much more than our index.php. Replacing their hacked index.php with the original was all that needed doing.
You may well already be aware of this, if so I am sorry, I did quick search "rebel" to see if this was a dupe post.
Thanks - And good luck