You Think You've Got Hacked?
Written by Labs Bug   
Friday, 29 February 2008

Just got hacked? Then upgrade your Joomla 1.0.x based site to the latest 1.0.15 stable version. This newest release fixes a remote file inclusion (RFI) vulnerability. RFI is a technique used to attack websites from a remote computer. Read the RFI What and How here.

Download the patched package here or take your time to visit the upgrade instructions page.

What is the CSRF issue? Phil Taylor - known as a Phil-A-Form developer - has explained it well on his blog. He wrote:

The nature of the vulnerability means that your site cannot be hacked while you sleep (like many of the other types of 3rd party component issues), but requires you (the site's Super Admin) to be logged into Joomla Admin while at the same time surfing sites (maybe even your own) that contain links to [THINGS] that send [NAUGHTY] requests back to your Joomla Admin Console without you knowing. This can lead to complete disaster and even complete server compromise.

What the... I never thought of it. I always did that every day: logged in to my J! backend and then surfed everywhere. Is that why I got hacked by the Damn Turk Kiddies last month? Not sure, I'm not a security expert. I wish I were.
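The server-side check that stops the kind of request described in the quote above, as an added example that is not from the original post or from Joomla's own code: every admin form carries a token tied to the logged-in session, and a page on another site cannot read that token even though the browser sends the admin cookie along. The handler, cookie name and form field names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret, generated here only for the example.
SERVER_KEY = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Token bound to one admin session; the server embeds it in each admin form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_admin_post(sessions: set, cookies: dict, form: dict) -> str:
    """Hypothetical admin-console handler for a state-changing request."""
    sid = cookies.get("admin_session", "")
    if sid not in sessions:
        return "403 not logged in"
    # The session cookie alone proves nothing about who built the request:
    # the browser attaches it to requests started from any site.
    supplied = form.get("csrf_token", "")
    expected = csrf_token(sid)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "403 token missing or invalid"
    return "200 " + form.get("task", "")


def demo() -> dict:
    """Constructed sample: one logged-in Super Admin, two incoming requests."""
    sessions = {"sess-admin-1"}                 # constructed session id
    cookies = {"admin_session": "sess-admin-1"}  # sent by the browser either way
    own_form = {"task": "save_config", "csrf_token": csrf_token("sess-admin-1")}
    cross_site = {"task": "save_config"}         # other site never saw the token
    return {
        "own_form": handle_admin_post(sessions, cookies, own_form),
        "cross_site": handle_admin_post(sessions, cookies, cross_site),
    }


if __name__ == "__main__":
    for origin, result in demo().items():
        print(origin, "->", result)
```

The check only helps if state-changing admin actions are reachable solely through requests that carry the token, so actions triggered by a plain link (GET) need the same treatment.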

 