Hi Julie,
Some simple advice to you:
-Change all your passwords. That's the easiest method for them to keep modifying it.
-Upgrade your system. If you are running wordpress, make sure you are on version 2.8.
-If you have any script (cgi, php, etc) remove them until you are sure they are safe.
-Check your system for new accounts and remove them.
After you are done, start monitoring your site: A suggestion is the free
Sucuri information security (BETA) that alerts whenever your site is changed/hacked/blacklisted/etc.