I'm not too sure this is the right forum section for this, since this is regarding managing the Web site hosted on a shared server.

A web site I manage was just hacked today by having the .htaccess file completely rewritten and the home page had a HUGE string of characters in php tags added to the end page. My client was pretty freaked out - I was kinda too!

Can the following prevent the .htaccess file from being accessed?
<Files .htaccess>
     deny from all
How does this happen in the first place and what can I do to prevent an outside source from modifying a file's code?