Either your FTP password has been cracked or the file permissions are set wrong. Never set chmod to 777.
There are numbers ways to hacked a website that it has week security like using raw DB query without prevent SQL Injection.
I suggest you should using eloquent model for insert and select data. In addition, you shouldn't run a production website with dev mode. Finally, give your server a strong FTP/SSH password, and like @scosec said, never set chmod to 777.
Anyway, I deeply sorry for bad situation you've gotten.
Sign in to participate in this thread!
We'd like to thank these amazing companies for supporting us