Well, the thing is not so bad because they did don´t want or they could not do more damage. They merely change the index file of the root folder and add a folder with some files and other files in the root folder, the rest, including the databases are intactes, so with some difficulty to clear these new files and folders, and restore the original index seems that all have been in a fright.
Now the question ... Is it a security breach of my software or my hosting? What I can do to prevent this in the future? Can make backup copies of the databases?
Thanks.