I setup a shared FTP account on my public server using ProFTPd. I locked the one user into the home directory (/home/username) and I connected using that test users credentials and it appeared to be locked. But I recently rechecked the account and I was able to explore the entire drive using an account that is used by many. I want to see what system files have been changed recently and what commands have been run. What should my course of action be? I am hosting 3 websites and running the ftp server on the same box. I have some sensitive information stored on this system and I'm very concerned.
Follow Falkos tips and have you chrooted ftp users to their home folders? What shell have you assigned to them?