Hard to say exactly how they get modified as there are many ways.
First they have to gain access to your files, in some cases it is out of date content management software, which has a vulnerability that can be exploited. You have to ensure that the software in use on your website is fully up to date, closing any vulnerability. This may be your responsibility or your hosts.
There could be a weakness in your host, where others can access your control panel and or bypass your hosts security. It would be wise to change your site/control panel passwords, etc.