2
Maybe this is not the case - but most hardware providers won't tell you the full truth...that being said, maybe your's is being pretty forthright.
More than likely, if your reseller account is on a shared system with other resellers, then there are probably a number of ports open that don't need to be OR should not be. Two groups have been very active lately in exploiting the open ports and submitting trojens - one out of France and one out of S. Africa. If you are really interested in what's going on, try logging in and seeing if you have authority to retrieve all ports and processes running. You might be surprised at what is really open.
The other thing to look for, go into each of your sites logs. You specifically want to find any "wget" strings that are being issued against your site. They are looking for overflows to occur. Okay - this statement is not meant to get anyone all balled up - but hosting companies love to blame CMS's for being so insecure that's how people hack in. IF, and this is a big IF, they were able to get in through an overflow and issue wget commands - then just identify the site, notify your provider, and get the holes plugged up.
Good Luck!