I believe I fixed the problem by replacing the index file with a backup, but should someone look at the logs and see what was exposed to allow for this? I am not sure how to do that. Someone from my site said this about the hack:
Sanalkurt is a rather prolific web site defacer, but really just a php script kiddie. Check the access logs to find what he exploited to do that.