It looks to me as if this car has left the road and come to a sudden halt against the building, with the result that both have been somewhat damaged. But why did it happen? Was there a mechanical failure such as brakes or tyres? Did the driver fall asleep at the wheel or something distract him? Was he drunk? Or did he swerve to avoid a child on a cycle? Perhaps there's a more unlikely reason - perhaps there was no driver in the car, but it was left stopped on a slope and ran away, or it fell off the back of a lorry.
When presented with a web site that's been compromised - with new files created, databases and their records changed, or data injected into existing files, it can be rather hard to work out what has happened - rather like trying to find what caused a motor accident. And one photograph is going to give clues, but no more - the picture above is from a page of public domain images, and I know no more than that. So "educated guess" is my best hope.
If I'm going to be looking at a system that's been compromised, I'm going to look not only at the content of the file(s) and database(s) that are infected, but also for certain other tell-tale files that might have been added to the system - especially at around the same time. And I'm also going to take a very careful look at who is allowed to do what to which resources. In other words, file permissions, and user and group ownerships.
Here's an answer, just written, concerning infected files...
If you have infected files, have a look at the write permissions on the infected files .... who can write to them? If they're writeable by the web server user, then is that just yourself, or is this a shared hosting machine? If the scripts are PHP and it's a shared server, then the start of the hole may not be in your area, but the write permissions being wrong in your area have let the sh*t land on you.
What causes such scripts to allow files to be written? Typically scripts written with the best intent, but in which the file name can be taken from the user / seeded by a form. John can create a file called "John.html", perhaps. And Harry a file called Harry.html ... all perfectly good names in a directory called "users". Then along comes someone called ../index.html ... and he overrides the home page at the top of the site. Be aware, too, off the cross-site scripting possibilities of Mr "http://www.sheepbingo.co.uk/" who might find one of your scripts that he can pull his code into and have it run on your system. And these concerns apply not only to the scripts you have written yourself, but also those which you have sourced from elsewhere.
With Perl, the script may be run as the user (via setuid) or as the web server, and you should take a look at which of the two your setup uses in order to help you with the analysis. (written 2009-02-24)
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articlesA163 - Web Application Deployment - Network Configuration and Security 
Setting up your MacBook Air as a mobile broadband router - (2013-07-07) 
Checking all the systems on a subnet, using Expect and Tk - (2011-09-18) 
Parallel Pinging, using Python Threads or Expect spawn lists - (2009-11-02) 
Ruby, Perl, Linux, MySQL - some training notes - (2008-11-23) 
As different as night and tyres - (2008-07-18) 
Slow boot and terminal start on Linux boxes - (2008-06-05) 
Wireless hotel tips - FTP and Skype connections failing - (2007-10-26) 
Heartbeat script in Perl - (2007-02-09) 
Domain Forwarding - 2 ways of doing it - (2005-11-29) 
What are DHCP and DNS? - (2005-11-27) 
Looking up IP addresses - (2005-06-01) 
Searching security holes - (2005-04-04) 
Security and Safety - (2004-09-03) 
A bolt of lightning on Multicasting - (2004-08-11)G997 - Well House Consultants - Newsletter Lead Articles 
Telling you something about us in just one line - (2011-03-15) 
Public Open Source Training Courses running this summer and autumn in Melksham - (2010-04-27) 
Open Source Training Centre and Courses for 2010 - (2009-12-16) 
Weekend and Christmas Promotion - Well House Manor Hotel, Melksham - (2009-09-26) 
C++, Python, and other training - do we use an IDE - (2009-08-21) 
Walks in and around Melksham, Wiltshire - (2009-06-21) 
Make your business a DESTINATION business - (2009-04-05) 
Book now for 2009 - (2008-11-29) 
Calling base class constructors - (2008-10-03) 
Upgrade from PHP 4 to PHP 5 - the TRY issue - (2008-08-15) 
Python in an afternoon - a lecture for experienced programmers - (2008-06-01) 
Cambidge - Tcl, Expect and Perl courses - (2008-04-04) 
Letting new visitors know we provide training courses - (2008-02-19) 
New trainee laptop fleet for our Open Source courses - (2007-12-30) 
New software product for warmblooded programmers - (2007-10-10) 
Well House Manor - feature comparison against the old place! - (2007-08-24) 
Object Relation Mapping (ORM) - (2007-06-09) 
Buffering output - why it is done and issues raised in Tcl, Perl, Python and PHP - (2007-04-06) 
Graham Ellis - an Introduction - (2007-02-05) 
One Thousand Posts and still going strong - (2006-12-18)
Some other Articles
Web Site Loading - experiences and some solutions sharedEffect on server when memory runs out and swapping startsTuning httpd / the supermarket checkout comparisonWhat a difference a MySQL Index madeHow was my web site compromised?A Presentation about our company - web and PHPWhy the Pony Tail?Why Choose Well House Consultants for your course?Learning to program in PHP, Python, Java or Lua ...Small Web Server in Perl