[CentOS] security breach - ftp?

Tue May 21 12:05:17 UTC 2013
John Doe <jdmls at yahoo.com>

From: Philipp Duffner <philipp at phphaus.com>

> ...so I thought! Today the website got hacked again - the same exploit on
> the pages, meaning same attacker.
> And again I can see nothing suspicious except for the successful FTP logon
> just before the modification time of the infected html/php:
> ...
> I know for a fact it couldn't have been the website owner because I 
> didn't give him the new FTP password yet.

How did you change the password?  Remotely?
Did you check your own PC?