[CentOS] security breach - ftp?

[John Doe]

From: Philipp Duffner <philipp at phphaus.com>

> ...so I thought! Today the website got hacked again - the same exploit on
> the pages, meaning same attacker.
> And again I can see nothing suspicious except for the successful FTP logon
> just before the modification time of the infected html/php:
> ...
> I know for a fact it couldn't have been the website owner because I 
> didn't give him the new FTP password yet.

How did you change the password?  Remotely?
Did you check your own PC?

JD