Recently I've had 2 websites defaced. Both run php/mySQL.
In one, the index.php was replaced or overwritten with the message:
"Tech Team ownz u FreeBSD"
My host for that site uses a Free BSD os.

On the other site, they replaced or overwrote my index.html with the message:
Tech Team ownz your box."

How would these folks go about doing this? I really want to take measures so it doesn't happen again.
Thanks