My site has been hacked - is there a way I can find out to what extent and by whom?
The root password has not been changed.
Before anyone can give you help you will need to provide some more Information. For example how do you know your site has been hacked? what has be done? what specificity is the problem?
Have you looked in the logs for the site that has been hacked and the server generally to see what the logs can tell you?
If you are sure that the hacker has used the root password to get in change it imminently to a much more secure password more that 8 chars with a mix of numbers and upper case & lower case letters.