I have Drupal 6.10, SFM Forum, and Wikka Wiki installed on my server. Over the last two weeks I have seen a reoccurring issue. At the same time every day (3:02am) files & folders that are artifacts of public_html are rewritten to the server. They are blank files titled "default.html"; they are 0 bytes in size and they cannot be deleted by the primary login account (though they can be renamed). This causes a problem because the path created is the same as paths defined in Drupal, and so it causes 403 errors. Might be worth noting that not all paths created in Drupal are having corresponding files written to the server nightly, only ones that were in public_html and have recently been deleted.
I talked to the support team where my server is hosted (Bluehost), since originally I thought it was some backup script running on their part. This was their assessment: "This is generally caused by a hack. Your account is especially vulnerable when using old versions of Drupal or other scripts." I am not running an old version of Drupal, but the suggested post-install security precautions were never taken, such as deleting install.php and changing write permissions on the settings files. I am leaning towards the idea that my Drupal install was messed with.
Can anyone provide any insight that might be helpful to me? Is it a Drupal "hack" that is documented somewhere (preferably with documentation on how to fix it)?
Thank you.
~Lindsay
Comments
=-=
Security issues should be reported to the security team. http://drupal.org/security-team
Thanks
Thank you.
Not a server hack *whew*!
Turns out this wasn't any kind of hack. It was being caused by a cron job rewriting sub-domain files, set up in the Control Panel software provided by Bluehost.
If by some odd chance some other Bluehost user finds this thread, try checking your sub-domains. If you have sub-domains set up such that the "Document Root" is the file structure that is being re-written nightly, this may be your problem.
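A read-only triage sketch for the symptom in this thread, added here as an example and not code from any poster or from Bluehost: it lists zero-byte `default.html` files under a web root with their owner and modification minute, so a daily same-minute cluster (a scheduled job, as turned out here) stands out. The function names and the constructed sample tree are assumptions.

```python
import os
import sys
import tempfile
import time
from collections import Counter


def find_placeholders(root, name="default.html"):
    """Return (path, owner_uid, 'HH:MM' local mtime) for each zero-byte file called `name`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report on the entry itself, do not follow symlinks
            if st.st_size == 0:
                hhmm = time.strftime("%H:%M", time.localtime(st.st_mtime))
                hits.append((path, st.st_uid, hhmm))
    return sorted(hits)


def summarize(hits, my_uid):
    """Count hits per modification minute and list files owned by another account."""
    by_minute = Counter(h[2] for h in hits)
    foreign = [h[0] for h in hits if h[1] != my_uid]
    return by_minute, foreign


def make_sample(root):
    """Constructed sample tree: two empty placeholders stamped 03:02, plus two decoys."""
    stamp = time.mktime((2009, 1, 15, 3, 2, 0, 0, 0, -1))  # constructed date, local time
    for sub, body in (("forum", ""), ("wiki", ""), ("blog", "<p>real page</p>")):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        path = os.path.join(root, sub, "default.html")
        with open(path, "w") as fh:
            fh.write(body)
        os.utime(path, (stamp, stamp))
    open(os.path.join(root, "index.html"), "w").close()  # empty, but a different name


if __name__ == "__main__":
    # With no argument, run against the constructed sample instead of a real web root.
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        make_sample(root)
    hits = find_placeholders(root)
    by_minute, foreign = summarize(hits, os.getuid())
    for path, uid, hhmm in hits:
        print(f"{hhmm}  uid={uid}  {path}")
    print("files per modification minute:", dict(by_minute))
    print("owned by another account:", len(foreign))
```

Pass the web root as the only argument, for example the account's `public_html` directory; the script only reads metadata and changes nothing.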