Here is an incomplete list of what you can do when you realize that your PHP-Nuke site has been hacked:
Check the files on your server against your latest backup to check for any modifications.Tripwire can help you with this task.
Reset all admin passwords.
Search the logs for the message posting URL, e.g. *admin.php?op=messages , find the perpetrator's IP and notify the person responsible for the network.
If using Apache, create "admin" user group, add a new user to this group and create the appropriate .htaccess file (Section 25.4).
Limit access to admin.php to a "tight" IP range/subnet.
Install the Protector module (Section 8.3.7), which gives you "high level" logs of session activity on your PHP-Nuke site.
Re-evaluate the security of installed 3rd party modules/blocks.
See also