Really the only thing you can do since this is hosted by someone other than you, is to just bug them about security. You can't really fix any holes because it is not your server. It is illegal for us to check for holes because the hosting company probably wouldn't like that. It should be the responsibility of the hosting company to secure their server to the best of their ability. And if they can't keep it reasonably secure, you need to look elsewhere for hosting.

edit
oops, I had made a big booboo in my post, on this part "And if they can't keep it reasonably secure, you need to look elsewhere for hosting." It had said can before, and that is not right. Sorry about that, all fixed now.