Someone Hack my site admin changed the password and username:  and also put his or her own email : emadabozaid@hotmail.com

what version of dolphin is it?

What you can do is put in your root/administration/htaccess file your IP between the quote marks. Replace the xx.xx.xxx.xxx with your IP. Keep in mind that you will only be able to access the Admin panel from that IP only.

<Files *.*>
Order Deny,Allow
Deny from all
Allow from "xx.xx.xxx.xxx"
</Files>
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>

 Dolphin 7.1.4

 Thx

which version got hacked 7.1.4 or 7.1.5 ?

 7.1.4

 u should have done ur update...7.1.5 is security update..

this 7.1.4 version was there from a long ..imagine what hacker would have done...

its good that dolphin powered website never achieved that level popularity that can attract hackers..or we would be hacked all d time ..

Most sites including other software run sites are not worth hacking. There has to be an emotional or meaningful reason to hack. Random robotic attacks are more spam related. Hence someone trying to pass a message either to earn money or make a statement. There are many topics on how to stop robotic spam in these forums. Search for Human question, Captcha, Spam or ban IP. Some site ban all of China, have a human question on the join form, interactive Captcha, complicated Admin passcodes and use Dolphins built in Anti Spam tools as well as other protections for sensitive areas. This pretty much would eliminate robotic spam or someone gaining control of your site from afar. Of course, sites that require membership and manual approval of memberships after email confirmation are less susceptible to human spammers also, because of the review of the profile which will have spam material hints.

I think they would be more likely to want to hack banks, governments, credit card companies, retailers, investment firms or ISIS, not your social site unless you make a statement that pushes their buttons.

Make sure you can access your control panel/database tool.  You can go into the database and change the email address; then just use the regular forgot password to reset your password.

One thing you can do to help make it harder to guess at the admin account is to make a new one now that will have a much higher ID number; then go into your database or use Deano's Tools and set that as the admin account and then change user 1 (set as admin upon install) to a regular user.

Furthermore, use very strong passwords and make it stronger by making it longer, twelve characters of upper and lower case letters, numerals and symbols.  Even if you have to look up your password each time, it is better than being hacked.

also, if you get someone to do any work on your site for you, change the login details afterwards!

I changed all the password even the username yesterday. Even block China and 26 others countries. Now I can't login anymore all the admin accounts hacked again.. Help Plz.... 

Even block my IP address :(

You have exceeded limit of login attempts.
You IP was blocked!

Are you running the Access Management module from the market?  If so, you can clear your IP from the database table that handles login attempts.

If you are getting hacked after securing your server then something more is going on here.  I have no idea of the security fix released by Boonex but that is worth looking into.  You might also need to hire someone to help secure both the server and the site.

You should certainly update to 7.1.5; if you are unable to do this yourself there are people on here willing to help.

 u can ask ur hosting provider to use backup the day ur site got hacked ...then u update ur site..or ask them to update ..most hosting provider do free update ..my hosting provide do that for me only i have to do is msg them..