wheel - 9:19 pm on Jan 15, 2013 (gmt 0)
You're getting distracted with .htaccess. It's not relevant. And it *won't* stop the hackers.
Any time I've been compromised, I've brought in experts. Reviewing signs of a hack is futile even for a competent user; you need someone who's familiar with this stuff, who knows where to look. Since you haven't done that yet, I'll assume you're looking to do this on the cheap. That being the case, here are the steps you need to follow moving forward:
1) get a new host.
2) rebuild your site from scratch on the new host. And by scratch, I mean not from your backups, and not from files on your current host. If you are using some sort of CMS, start with the current version of the CMS, download from the source, install on your new source. Then cut and paste your content from the old site over to the new host. Re-upload graphics. If you have had any custom PHP stuff done, be careful about moving it over (could be the source of the exploit hole).
If your pages are html, cut and paste the html code over from a 'view source' in your browser. That's probably overkill, but still....
3) change your DNS and quit paying your old hosting company.
Longer term, you need to appreciate two things. First is backups. Second is archives - and archives are not backups. When I get hacked, not only do I have backups, but I can go back and restore an archive from before I got hacked. That's not perfect, but it gets me up and running until I figure out what the heck I'm doing. Then when I have the exploit figured out, I restore from an archive prior to the hack, fix the exploit, and I'm done. I've had hackers come back and rehack while I was working on figuring it out - not the end of the world because I just reset to the archive and we had fresh signs to examine.