Is CSS Sculptor the only webassist software you have used on this site?
The first step to take is to Change the FTP Username and password to see if the hackers have somehow gained FTP access either through a brute force attack or just by guessing.
make sure to use a strong FTP password, one that contain Upper case and lower case letters, number and special characters, also don't use a common word.
the most common way for hackers to gain access to a standard static site is through FTP.
outside of that we'd need more details on site functionality.
is it database driven? you you use Security Assist to offer site login? HTML Editor for Rich text editing? do you have the file manager enabled.