On a shared webspace server I had the same problem. The hacker left a file: assets/hack.html
The server was also used as spam relay.
Here is an additional possibility to fight against these hacks by editing your .htaccess file:
__________________________________________________
RewriteEngine On
RewriteCond %{QUERY_STRING} (.*)=http(.*) [NC]
RewriteRule ^(.*) - [F]
__________________________________________________
Description:
RewriteCond %{QUERY_STRING} (.*)=http(.*) = Controls the value after index.php?XXXX if there is an external file included, for exampleindex.php/site=
http://xxxx.com/yyyy.php
[NC]= Ignore case sensitivity
RewriteRule ^(.*) - [F]
__________________________________________________
What about a security mailing list?
And thanks to Ryan for solving the problem very fast .