I was hacked also, something to do with awstats though, not wordpress. I logged into shell and ran a series of commands to fix things which I have given templates of below and changed my shell password from the dreamhost control panel. Depending on when you see this message you may have to change nightly.0 to night.1 or something else. See here for info >> https://panel.dreamhost.com/kbase/index.cgi?area=2585&keyword=restore
It’s very combursome to go through all the folders for my domain (and I only have one) and issue these type of commands for them all. Anyone good at shell, I wonder could we write a script to restore everything recursively, as all the index.php,html,shtml etc were changed at the same time. 18:28 on the 28th Janauary.
cp ~/.snapshot/nightly.0/yourdomain.com/index.html ~/yourdomain.com/index.html
cp ~/.snapshot/nightly.0/yourdomain.com/yourfolder/archive/index.php ~/yourdomain.com/yourfolder/archive/index.php
cp ~/.snapshot/nightly.0/yourdomain.com/yourfolder/index.html ~/yourdomain.com/yourfolder/index.html
You will have to first remove all your index.php,.shtml,.html etc before running commands like this.
http://www.akamarketing.com - Over a year with dreamhost, happy man!!!