I've also had problems getting hacked. I'm using PowerCMS 2.01 (will change over to cms builder when all this settles) with iPower hosting and getting hacked on a daily basis. I've run a vulnerability test and it comes up with the following on both the admin and users log in pages:
Severity : Medium
Vulnerability Class : Cross-Site Scripting
Target URL : [withheld until secure posting]
Post Data : N/A
I want to make sure this isn't a false positive & will run another type of vulnerability scanner, but I need to stop getting hacked.