In the long term, you should probably migrate to the latest version of Joomla e.g. Joomla 3.x.
A short term fix would probably involve most or all of the following:
- Clean up the current website. An efficient and effective way to do this is to use the tool from Phil Taylor at http://myjoomla.com. Your first audit is free.
- Change Joomla administrative user accounts, cPanel and database passwords to new and strong passwords.
- Update the website to Joomla 1.5.26.
- Apply security hotfixes for Joomla EOL versions where applicable.
- Update all third party extensions to the latest versions and keep them up to date.
- Check for and remove any vulnerable extensions: http://vel.joomla.org
- Subscribe to the Joomla Vulnerable Extensions list so new vulnerabilities can be quickly attended to.
- Remove any unused third party extensions.
- Disable or remove unused user accounts.
- Where possible, minimise the number of third party extensions.
- Where possible, use the most popular and best supported extensions.
- Use a good quality web host that are serious about server security.
- Don't rely solely on your web hosting provider for a backup.
- Perform regular backups of the website and copy them off-site.
- Consider security enhancements as per the answers already provided here although the above is usually sufficient to keep a Joomla website secure.
Run through the same procedure for any other websites that share the same web hosting space.
You might also review security on your own computer and any other administrator computers as it's possible hackers may have intercepted an FTP password (or similar) from the FTP client on your computer etc.