"Middleware" is my nominal area of expertise. While I can't comment specifically on what happened to your site, I see almost daily announcements of security vulnerabilities for web serving and associated software. Most of these are never seen by the public and are fixed before they can be exploited by hackers.

If your web host is not on top of things on a daily basis they are simply relying on "security through obscurity" to prevent attacks.

If they haven't been -extremely- proactive in communicating with you about the problem, I would seriously think about finding another host for your domain,.