Saturday, 7 September 2013

Codeigniter 2.1.4 application got hacked?

A strange thing occurred today. I have made a CI based site, and a hacker
managed to:
1. Overwrite my index.php file by making a file upload to root;
2. Inject code directly into my index.php, replacing everything with a dummy
   HTML formatted page.
I don't know which of the above actually occurred.
The site is quite simple (no input forms, no db, etc.). I started
developing it with CodeIgniter since the client didn't know what he wanted, so
I ended up using the framework just for templating and compressing.
I have strong doubts whether a security hole was offered to the hacker on
the PHP side. I am inclined to believe the issue is from my hosting service's
bad server configuration (I had a bad chat with them, they say they will
look into it).
I find it very curious that only the index.php was (apparently) modified
(application and system are also in the root since I do not have FTP
access above, maybe if I were a hacker I would have deleted any file in
root before allowing my fancy index to showy perform).
How did this happen? What do you think is most likely possible?
