    • CommentAuthorHT
    • CommentTimeSep 15th 2007
     # 1
    The hacker had gained access to my site, changed preferences and was able to lock out some of the users. I did come in in time and changed the preferences back before further damage. I have no way to track him down and don't know if he can still get in or not. The site is not secure anymore and I was wondering what I can do to track him and secure the site by using software, a security monitor, ... Do you have any recommendations? (I'm running the site with GoDaddy, PHP and MySQL)
  1.  # 2
    Your host should be able to help you work out how they got in by analyzing the httpd access logs. Are you running any other software or anything on your domain? If there's a serious weakness in Vanilla it would be very useful to know about it, so I'd suggest getting in touch with GoDaddy ASAP and seeing if they can give you any information.
    • CommentAuthorWanderer
    • CommentTimeSep 15th 2007
     # 3
    ...and change all admin and DB passwords ASAP!

    Posted: Sunday, 16 September 2007 at 10:30AM

    • CommentAuthorDinoboff
    • CommentTimeSep 15th 2007 edited
     # 4
    Which version of Vanilla do you use? Which extensions are installed?
    • CommentAuthorVaz
    • CommentTimeSep 16th 2007
     # 5
    It could be that he either got access to your webpanel account and did everything through there, or perhaps accessed phpMyAdmin (basically, your database), replacing the admin password hash with one he generated and logging in to do whatever he wanted.

    It could just be as simple as him guessing the password.

    Make sure:
    - Only you and trusted members have access to your host's webpanel or the database.
    - You and your staff have passwords which cannot easily be guessed.

    Hope that helped. Good luck.
    • CommentAuthorSirNot
    • CommentTimeSep 16th 2007
     # 6
    I believe there's at least one XSS hole in Vanilla 1.1.2 (not including extensions), maybe he exploited that (assuming by 'site' you mean 'Vanilla forum')?
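
The access-log review suggested in reply #2, covering the password-guessing and XSS possibilities raised in #5 and #6, as an added example that is not part of the thread. The `/forum/people.php` and `/forum/settings.php` paths, the threshold of 5 and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache combined log format: host ident user [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Assumed locations of the forum's sign-in and admin settings pages; adjust to the install.
SIGNIN_PATH = "/forum/people.php"
ADMIN_PATH = "/forum/settings.php"

# Constructed sample log (documentation IP ranges, made-up times), not real data.
FMT = '{ip} - - [01/Jan/2000:{t} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
SAMPLE = "\n".join(
    [FMT.format(ip="203.0.113.7", t=f"03:10:{i:02d}", req=f"POST {SIGNIN_PATH}", st=200)
     for i in range(6)]
    + [FMT.format(ip="203.0.113.7", t="03:12:00", req=f"POST {ADMIN_PATH}", st=200),
       FMT.format(ip="192.0.2.10", t="09:00:00", req=f"POST {SIGNIN_PATH}", st=302),
       FMT.format(ip="198.51.100.23", t="11:30:00",
                  req="GET /forum/index.php?q=%3Cscript%3Ex%3C/script%3E", st=200)]
)

def triage(log_text, threshold=5):
    """Return addresses and requests worth a closer look in an access log."""
    signin_posts = Counter()
    admin_posts, script_in_url = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, method, path, _status = m.groups()
        if method == "POST" and path.startswith(SIGNIN_PATH):
            signin_posts[ip] += 1  # many of these from one address suggests guessing
        if method == "POST" and path.startswith(ADMIN_PATH):
            admin_posts.append((ip, when))  # who changed settings, and when
        if "<script" in unquote(path).lower():
            script_in_url.append((ip, when))  # script markup carried in the URL
    return {
        "password_guessing": sorted(ip for ip, n in signin_posts.items() if n >= threshold),
        "admin_posts": admin_posts,
        "script_in_url": script_in_url,
    }

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind, hits)
```

Access logs record only the request line, so anything submitted in a POST body (a posted comment, for instance) will not show up here; the timestamps of the settings changes are still useful for correlating with sign-ins from the same address.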