I setup a shared FTP account on my public server using ProFTPd. I locked the one user into the home directory (/home/username) and I connected using that test users credentials and it appeared to be locked. But I recently rechecked the account and I was able to explore the entire drive using an account that is used by many. I want to see what system files have been changed recently and what commands have been run. What should my course of action be? I am hosting 3 websites and running the ftp server on the same box. I have some sensitive information stored on this system and I'm very concerned.