I have had this before and do not understand how they are able to access this information?

I have contacted my host and told them the first time this happened and this time also. They only come back with we have suspended their account and you shall not face this issue again, but this is the second time now.

The site that is taking advantage is:
http://www.baleaco.com/.data.php

Looking at DNSstuff.com they only registered their site in Dec 2011 !

What should be host be doing to prevent these attacks?