Hacking can be done in many different ways. Some commonly used methods are explained below.
(i) Account passwords harvesting
In this method, hackers try to collect website account passwords on a large scale. We will call this process "account passwords harvesting". Details on how they do that are fuzzy. The main reasons are the use of weak passwords like 123456 and the use of spyware-infected PCs at home. Password complexity should be increased to at least 8 characters. But this does not help if the user's computer is infected with a keylogger.
(ii) PHP vulnerabilities
PHP has a lot of very vulnerable and potentially exploitable functions. Hackers have been taking advantage of these security lapses for a long time. On our servers, we offer PHP 4 & PHP 5 after locking down most of the common security holes in PHP.
Most PHP applications, such as Joomla, PhpBB, PhpNuke etc., are community developed. These applications may have potential security vulnerabilities, and hackers may exploit them. Most website hacking is done using vulnerabilities in PHP applications.
All community-developed PHP applications are patched as and when new vulnerabilities are discovered. So you should upgrade/patch the PHP applications on your website from time to time. Failing to upgrade/patch the PHP applications on your website is equivalent to opening a backdoor for hackers into your website.
Mass modification of website files
Once the hacker has discovered a backdoor into the website, either using an account password or using a vulnerable PHP application, he will try to modify your files. We will call this stage "mass modification of website files". This stage appears to be automated: they use a special tool, called MPACK, to install malicious IFrames. Usually only the main site index documents are targeted (i.e. index.php, index.html, index.shtml, etc.). Malicious IFrames are usually installed at the beginning or at the end of the document.
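Because the injected IFrames sit at the beginning or end of index documents, a site owner can check for them directly. The following is an added example, not part of the original article or of any tool it names: it scans a document root for index documents with an iframe at either edge. The 200-character edge window, the function names and the sample pages are assumptions made for illustration.

```python
import re
from pathlib import Path

# File names follow the article's list of targeted index documents.
INDEX_NAME = re.compile(r"^index\.(php|html?|shtml)$", re.I)
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
EDGE = 200  # assumption: characters from either end treated as "beginning"/"end"

def edge_iframes(text, edge=EDGE):
    """Return [(where, tag)] for iframes at the beginning or end of a document."""
    low = text.lower()
    html_open, html_close = low.find("<html"), low.rfind("</html>")
    hits = []
    for m in IFRAME.finditer(text):
        pos = m.start()
        # "start": inside the leading window, or placed before the <html> tag
        if pos < edge or (html_open != -1 and pos < html_open):
            hits.append(("start", m.group(0)))
        # "end": inside the trailing window, or placed after </html>
        elif pos >= len(text) - edge or (html_close != -1 and pos > html_close):
            hits.append(("end", m.group(0)))
    return hits

def scan_docroot(root):
    """Map each index document under root to its suspicious iframes."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and INDEX_NAME.match(path.name):
            hits = edge_iframes(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings

# Constructed samples: a page with a legitimate mid-body iframe, and the same
# page with an iframe appended after </html> (placeholder URL).
CLEAN = ("<html><body>\n" + "<p>Welcome to our site.</p>\n" * 20
         + '<iframe src="/map.html"></iframe>\n'
         + "<p>Contact us.</p>\n" * 20 + "</body></html>\n")
INJECTED = CLEAN + '<iframe src="http://example.invalid/" width="1" height="1"></iframe>\n'

if __name__ == "__main__":
    print(edge_iframes(CLEAN))
    print(edge_iframes(INJECTED))
```

A hit is a prompt for manual review, not proof of compromise: short pages with a legitimate iframe near either edge will also match.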