Thanks for the speedy reply!
I've contacted support, suspended http service to the domain in question and am downloading the sites logs.
Its a site based on PostNuke .750, so its running scripts, but they should be fairly current. The site was rebuilt from an older version of PostNuke(.721) and went live about a month back.
I don't think I've accessed any of it from a public network, but I'm changing all the accounts to be safe.