Alex, unless you're a full-time security person, doing forensics on stuff like this is a waste of your time. Running WP 2.5, which is 3 years old, is just asking to be pwned.
A few simple rules:
- Be very conservative in what types of files you allow users to upload to your site. Best choice is "none".
- Keep current, tested, off-site backups of everything.
- Use/require good passwords for all accounts.
- Keep your software up-to-date,
- And, if you're the sysadmin, don't expose any services you don't have to (I normally limit it to ports 80/443 for web, and 22 for SSH).
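As an added example for the last rule (not code from the original reply), a small audit that lists externally bound listeners whose port is outside the 22/80/443 allowlist; it assumes the header-less `ss -ltnH` column layout and runs here on a constructed sample.

```shell
# Added example, not part of the original reply: flag listening TCP sockets
# that are bound to a non-loopback address and are not on the allowlist.
# SAMPLE_SS is a constructed sample in `ss -ltnH` format (State Recv-Q Send-Q
# Local:Port Peer:Port); on a live host use "$(ss -ltnH)" instead.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 10 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*'

# Ports the reply says a web host normally needs: web plus SSH.
ALLOWED="22 80 443"

# Prints one port per line for every exposed listener not in the allowlist.
# $1 = ss output, $2 = space-separated allowlist.
unexpected_listeners() {
  printf '%s\n' "$1" | awk -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      addr = $4
      port = addr; sub(/.*:/, "", port)        # text after the last colon
      host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
      # Loopback-only binds (127.x, ::1) are not reachable from outside.
      if (host ~ /^(127\.|\[::1\]|::1)/) next
      if (!(port in ok)) print port
    }'
}

# Expected on the sample: only 21 (3306 and 25 are loopback-only).
unexpected_listeners "$SAMPLE_SS" "$ALLOWED"
```

Run it as root or with `ss` available to replace the sample; an empty result means nothing unexpected is exposed.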