The first time I was ever hacked I took it very personally... then after much research I found out that it is completely automated and they hit thousands of people a day.

Once their "bot" adds you to their list of vulnerable servers they will hit you again and again.. if you are VERY unlucky they will post a link to the vulnerable file in a hacker forum so EVERYONE will start trying to take a crack at you.

I keep saying "you" but the bottom line is if you are using a shared see more hosting account it could be anyone on your server that is vulnerable. If another user is using a outdated script that requires register_globals to be turned on it could be THEM that is leaving the back door open.

What is happening to you is MUCH more serious that just a defacement (some silly logo on your homepage) because if they are doing bank fraud from your account at some point the finger of guilt might be pointed at you.. especially from the general public who have NO idea how hackers work and all they remember is seeing your domain name in the address bar when they entered their pin number, credit card, and socail security number.