Since all your domains are now hacked, all you can do is first, to track down, where and when that hacked started.

You can have these viewing all the access logs and errors logs that are in your server. Look for something unusual like an IP that always visits your site. Or a webpage that seems not a "true" webpage. Since these hackers like to make backdoors in your sites.

Once you have done this, and found out something, make a document for it and investigate on where the hack came from. So you can go after this guy.

If you have traced the guy who did this to all your domains, you can now rebuild all your sites, upload all the things that needs to be uploaded, I really hope you have a back up of all of these. Then, as a lesson, when you traced where the hack came from, you can learn from these where the vulnerabilities of the sites are. You can then apply patches, firewall is very important, also, another is, do these domains have systems or softwares that they use, like joomla, mambo, drupal?

When these systems are used, you can search for possible vulnerabilities and then search for patches.