tangor - 11:06 am on Jan 20, 2011 (gmt 0)
Script sites, opposed to static, are more prone to these attacks. Seal down all scripts (CMS, Database, Code) and run daily comparisons of file/date against known intent. Can be automated with an alert to let you know when injections occur. Static sites suffer fewer hacks (significantly) but can be hacked if the server/host has not done due diligence.
If you allow any user interaction, make sure all input is sanitized for what is ALLOWED and reject everything else. This is the most common point of attack.