How exaxtly has your site been manipulated? If you found a security issue within the Elgg code I would suggest to tell any of the Elgg core developers about it directly (and not open a ticket at Trac).
If the file index.php has been manipulated directly, it's quite unlikely that the hackers used any undetected security holes in Elgg but more likely that they hacked your server directly - which is surely beyond the scope of Elgg. Or could they simply have guessed your admin password?
@Skyforum
Do you have on your server any wordpress site?
Did you save the changes on your index.php? Did you check if your .htaccess have been modified?
Rodolfo Hernandez
Arvixe/Elgg Community Liaison
Are there any other scripts running in parallel in same server, same location? Is your data directory web accessible?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.