We were hacked!
My first indication was when they replaced index.php with
“1923 TURK GRUP DJ_K_A_H_I_R”
And several other tell-tale signs about. It was quite fun tracking down the source and all the devious little things they did. Maybe I should quit bad-mouthing the Chinese and the Russians. (not)
When I asked my SP about this they simply responded with:
Hello,
We are sorry to hear your account/website has been hacked. You should upgrade all your PHP scripts to the most recent versions, then check through the account. Normally, once compromised with a Remote File Inclusion, the attacker will leave a shell script for easy access in the future.
The majority of web site compromises happen because of:
1. Stolen FTP credentials. Spyware on webmasters’ computers: key-loggers, traffic sniffers (the FTP protocol sends username/password as plain text), trojans that steal credentials from various programs’ configuration files (FTP clients, DreamWeaver, etc).
2. Security holes in popular web software: CMS (Joomla, Drupal, etc), Forums (phpBB, vBulletin, Simple Machines, etc), Blogs (WordPress). Once a vulnerability is discovered, hackers configure their automated tools to search the web for websites running vulnerable versions of the software and exploit them. This can be done easily and at almost no cost when they have an army of zombie computers.
3. Security holes in in-house web software. Many novice (and even many experienced) web developers don’t properly sanitize user input, making various attacks possible (SQL injections, XSS, etc).
4. Poor security practices (Something that should be manually configured by site admins and cannot be fixed with automated security updates): Weak passwords, insufficiently strict permissions for limited accounts, files and directories with world write permissions, etc.
Please also look at the following articles:
http://www.qualitycodes.com/tutorial.php?articleid=29
http://www.google.com/search?q=mysql+injection
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.google.com/search?q=php+script+vulnerabilities
http://en.wikipedia.org/wiki/Remote_File_Inclusion
http://en.wikipedia.org/wiki/SQL_injection
We suggest you ask us to terminate and reset your account to new, erasing / deleting all files and databases.
If you would like us to make you a backup of your website files before resetting the account, please let us know.
Lol, of course; their idea of security seems to be to have you start over. I guess you get what you pay for…
Party on.
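The provider's reply blames Remote File Inclusion and unsanitized input without showing what either looks like in code. As an added illustration (not code from this post or from the hosting provider), here is the PHP include pattern behind most RFI compromises beside a hardened version, plus the parameterized-query fix for cause 3. The page names (home/about/contact), the `pages/` directory and the `users` table are assumptions.

```php
<?php
// Added example, not part of the original post. Assumes PHP 7+ with the
// default allow_url_include=Off and a pages/ directory beside this script.

// VULNERABLE: the request parameter goes straight into include(). A remote
// URL (when allow_url_include is On) or a ../ path in ?page= makes PHP
// execute code the site owner never wrote; this is how an attacker's
// shell script ends up on the account.
function render_page_vulnerable(string $page): void
{
    include $page . '.php';
}

// HARDENED: the request selects from a fixed allow-list of files; anything
// not on the list is answered with a 404 and never reaches include().
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function render_page(string $page): void
{
    if (!array_key_exists($page, PAGES)) {
        http_response_code(404);
        echo 'Not found';
        return;
    }
    include PAGES[$page];
}

// Same principle for SQL (cause 3 in the provider's list): the user-supplied
// value is bound as a parameter, so it can never change the query's shape.
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Only the hardened router is wired up; the vulnerable one is kept for contrast.
render_page($_GET['page'] ?? 'home');
```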