Something like this seems to be rather common problem with cheap/big hosting providers and their shared accounts. People are installing all sorts of unpatched/insecure scripts and it may take just one of those for all hosted on the server neighborhood to become “hackable”.
I’ve had that experience in the past and found that providers offering DDoS protected hosting are a lot more security cautious than regular ones.
I happen to come across DDoSwiz.com and am staying there, but there are of course others. Pricy solutions though..