have been at outdated software. Mostly software like phpMyAdmin, osCommerce and software like that.
We see the log files for thousands of websites and hackers are constantly scanning for vulnerable versions of website software.
You have to keep your software updated and you have to follow the security guidelines for all software.
Of course, hackers are still getting in through stolen FTP passwords as well.