Quote by: ismael
Do you know if the uploaded files only can be uploaded to the public_html/images directory or it is possible to upload to any other directory?
when the hacker can create a folder call "images" in your main public directory with the permission of 777 than they can change your site code and every thing. latter on your site will not show your index page but it will show the attacker home index page.
now I guess attacker still practice to hack the small site first, than the big next target site we don't know.
PS. your situation same as me.