If your site is hosted by hostrocket, there's nothing much you can do about how they run their servers. It's their servers, they decide how to configure them. On their site though, it says it comes with a web-based control panel. It might be worth looking into that panel: it might allow you to set FTP-access, change your FTP-password(s),...

If not: email hostrocket and ask them to change your FTP-password(s).

Another possibility is that you have a trojan/keylogger on your computer, which could be used by the attacker to obtain your FTP-password(s). In this case, changing your FTP-password won't help much. Get an anti-trojan scanner to check for this possibility.
Tauscan has a 30-day trial period.

Something else: you say your site got defaced AND you lost all of your data? If you had a forum, your (forum)data should be in a database. They may have defaced the forum front-end through FTP, but it might be worth to check the database (or have it checked by hostrocket if you don't have access) It's unlikeley that they AND got access to your FTP, AND to the database. Unless that entire web-based control panel is the problem.

Spyder > I know who it was... I deleted the post where the OP said who it was