The site alterations may or may not be visually obvious.   Malware may be installed to be inadvertently downloaded by visitors to the site.   Exposure of confidential or private information may also be involved.   Further, the data may be cache in the lookup directories of search engines. 

The underlying cause may be unintentional installation of a private file in a web area, an intrusion due to flaws in the underlying operating system, errors in configuration of the web server or  vulnerabilities in the web application itself. 

Remediate as an intrusion and a malware infestation, followed by hardening the application.  Review the Compromise of Confidential or Sensitive Data and Removing Information from Search Engines.