I run Plesk installs with full root access, and even then cannot find much logging info on these kind of breaches.
When they exploit phpBB, it goes through http, and the access will be in your regular web log. However, it will not show anything unusual (other than lots of accesses from Brazil...