Welcome to reality. Your sites got hacked because you completely failed to take any precautions. Running such old and vulnerable versions of WordPress is simply asking for this to happen. Given the invitation you've created don't be surprised when people come to the party.
I suggest you either put some effert into your web sites or stop playing at being a webmaster and get someone who knows what they're doing to manage your systems and ensure all reasonable safety measures are implemented, including upgrading as necessary. There's more to a web site than just throwing a prepackaged version of software on it, typing some content and sitting back.