[eluser]Unknown[/eluser]
[quote author="Dam1an" date="1246625511"]What sort of changes are you talking about, malicious ones?
Have you checked the access logs to see what users accessed the server just before the file was last modified
As a precaution, if you do think the account was hacked, change all your passwords (inc db)[/quote]
Server has only WEB access for public. Also don`t have FTP access, only SSH access for developers. Also developer can access to files only via sudo, so i check all logs and i think changes can be done only via WEB.
Changes - we customize htaacess file and comment default rewrite rules, so yesterday they was uncommented. I check WEB logs and dont see any GET request to change htaccess file. So i think it can be done only via POST request.