@Chris, done
@Robbo. Maybe, but…
I have no passwords, they're disabled and prohibited: all authentication is done with SSL keys.
I have no traces of logins other than mine.
I've changed admin accounts passwords, but are they able to change php-files a all?!
I've done recursive directory diff...