I have many sites. I sort of got lazy with my updating. It is very important to make sure you always keep up with the updates. I learned the hard way.
Me too... Those damn hackers will make your life miserable. Be sure and update your components too. That's how they got me.
Sorry about that. The best advice I can give, especially for Joomla sites, is:
- Always update
- Do backups often
- Protect your Administrator backend (there are plugins that help you do that)
- Do not use extensions that are not so loyal
- Host your website on a server that uses a firewall
- Disable any PHP function from php.ini that you don't need
- Scan your website often using ClamAV
- If you would like to take this further, you can use an external virus scanner to protect you 24/4, like "Website Protection Site Scanner" of GoDaddy. It's cheap.

Also, a good idea is to follow the Joomla Security Checklist, starting from here: http://docs.joomla.org/Security_Checklist_1_-_Getting_Started
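
One way to check the php.ini item from the list above, as an added example that is not part of the original posts: a small audit that reports which command-execution functions a php.ini still leaves enabled. The `RISKY` list, the sample ini text and the function names are assumptions made for this illustration; adjust the list to what your site and extensions actually need.

```python
import sys

# Assumed starting list of command-execution functions (not from the posts).
RISKY = ("exec", "passthru", "shell_exec", "system", "proc_open", "popen")

# Constructed sample php.ini content.
SAMPLE_INI = """\
[PHP]
; disable_functions = exec,system   (commented out, must be ignored)
memory_limit = 128M
disable_functions = exec, passthru , shell_exec
"""


def disabled_functions(ini_text):
    """Return the set of names in the effective disable_functions directive."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "disable_functions":
            # A later assignment replaces an earlier one.
            names = value.strip("\"'").split(",")
            disabled = {n.strip() for n in names if n.strip()}
    return disabled


def still_enabled(ini_text, risky=RISKY):
    """List the risky functions that the php.ini text does not disable."""
    disabled = disabled_functions(ini_text)
    return [name for name in risky if name not in disabled]


if __name__ == "__main__":
    # Pass the path to a php.ini, or run with no argument to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE_INI
    for name in still_enabled(text):
        print(f"still enabled: {name}")
```

The script only reads the file you give it; on a real server, confirm which php.ini is loaded (for example from the "Loaded Configuration File" line of `phpinfo()`) before trusting the result.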