2006-08-07, 04:05 PM   #3
cd34
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
There are two types of exploits where there are defacements like this.

One is an exploit through FTP, so, change your FTP password, etc. This one usually occurs when someone has spyware or a keylogger on their machine that sends this data elsewhere, or has shared the username/password/hostname combo with a software vendor and didn't change it after the software was installed.

The other exploit is a web exploit which can come through numerous pieces of software depending on what you were running. Some of the exploits allow remote shell, and if your hosting runs Apache in setuid mode (which is an abhorrent security nightmare), files could have been compromised that way.

http://www.greenguysboard.com/board/...ad.php?t=31508

In either case, you need to find out where the exploit happened so that once you do change passwords, etc., it doesn't happen again.

You will need to spend time going over system logs, etc. to see where things got changed and then adjust/fix whatever so that it doesn't happen again.
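An added example of the log review described in the post above (not part of the original thread and not the poster's code): it lists FTP uploads of the defaced file and web POST/PUT requests in the window before the file's modification time, so the two vectors can be compared. It assumes wu-ftpd style `xferlog` lines and Apache combined-format access logs, both in UTC; every log line, path, address and user name is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample logs (hosts, paths and users are invented for illustration).
XFERLOG = """\
Mon Aug  7 02:58:11 2006 1 198.51.100.7 2048 /home/site/public_html/index.html a _ i r siteuser ftp 0 * c
Sun Aug  6 14:20:00 2006 3 192.0.2.10 90211 /home/site/public_html/img/banner.jpg b _ i r siteuser ftp 0 * c
Mon Aug  7 02:59:40 2006 1 198.51.100.7 2048 /home/site/public_html/index.html a _ o r siteuser ftp 0 * c
"""
ACCESS_LOG = """\
203.0.113.9 - - [07/Aug/2006:02:41:17 +0000] "POST /forum/admin/upload.php HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [07/Aug/2006:02:57:30 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "-"
"""

# xferlog: time, secs, host, size, file, type, flag, direction, mode, user, ...
XFER_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \d+ (\S+) \d+ (\S+)"
                     r" \S \S+ (\S) \S (\S+)")
HTTP_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def ftp_uploads(text):
    """Yield (time, host, path, user) for incoming (direction 'i') transfers."""
    for line in text.splitlines():
        m = XFER_RE.match(line)
        if m and m.group(4) == "i":
            stamp = " ".join(m.group(1).split())  # collapse the padded day field
            yield (datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"),
                   m.group(2), m.group(3), m.group(5))

def web_writes(text):
    """Yield (time, host, url, status) for requests that can carry a payload."""
    for line in text.splitlines():
        m = HTTP_RE.match(line)
        if m and m.group(3) in ("POST", "PUT"):
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield (ts.astimezone(timezone.utc).replace(tzinfo=None),
                   m.group(1), m.group(4), int(m.group(5)))

def candidates(path, mtime, xferlog, access_log, window=timedelta(minutes=30)):
    """Events in the window up to the defaced file's mtime, grouped by vector."""
    lo = mtime - window
    return {
        "ftp": [e for e in ftp_uploads(xferlog) if e[2] == path and lo <= e[0] <= mtime],
        "web": [e for e in web_writes(access_log) if lo <= e[0] <= mtime],
    }

if __name__ == "__main__":
    hits = candidates("/home/site/public_html/index.html",
                      datetime(2006, 8, 7, 2, 58, 11), XFERLOG, ACCESS_LOG)
    for vector, events in hits.items():
        for e in events:
            print(vector, *e)
```

A file's modification time can be reset by whoever changed it, so treat the window as a starting point and widen it if nothing lines up.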