Thanks for the answer. And so, how exactly did they get to that configuration.php file?
There's plenty of ways attackers can compromise your stuff. Your web app was vulnerable, your network was vulnerable, you're running outdated software, etc. If you're on shared hosting, I agree with the other poster -- talk to your host first.
The important thing is that if you don't identify how they get in and close it up, it'll just happen again. Until you can do a full code audit for other potential changes they made, you can't really trust your website and should still consider it compromised.