There is a vBulletin defacement attack where the main page is replaced with an alternate page. In these particular defacements, the files on the site aren't changed (index.php, .htacess or config.php), but rather the database template table is modified:

Description of the Hack

One customer, who kept correcting the database table kept getting hacked repeatedly, even after updating to the latest vBulletin. His solution was to remove the spacer_open template:

"Since they're using the spacer_open template, I decided I should stop using it in the vB files. Apparently it is unnecessary. Here is how to remove it from use:

http://www.vbulletin.org/forum/showthread.php?t=119286

Now they can hack it all they want and nothing will happen. I put their hacked code back in the template to test it. Hopefully this "fixes" the problem until they find something else to exploit."