15
If your site is being rear ended through your host, he has to fix it. Someone may have admin rights to your host.
On the front end. The less you have exposed (viewable) to non-registered users the better
Turn Register Globals off with a .htaccess file:
php_flag register_globals off
Change your admin password to at least 12 random numbers and letters. Do not use common words, there are dictionary hacks for that. Like this: mKk08JjjUR9a
Make sure all your modules are up to date.
Did you do what Protector suggested under the
Security Advisory tab?
You may have patched MyAds, but that doesn't mean it's not vulnerable.
You can also change registration, so it requires admin approval. You can then google the person that registers, username and email, and see if they are posting in hacking forums.