How could the site be hacked?
Good afternoon!
Before the New Year, one of our experimental servers was hacked, and a malicious script was injected into several files.
What we have:
- 3 sites were hacked (under three different users), although there are several more sites in total. Motive?
- the files were purposefully changed via FTP (in the xferlog log, 12 files from three sites were downloaded and immediately uploaded)
Sat Dec 29 07:24:00 2012 0 ::ffff:188.72.248.226 117 [filename] a _ o r [user1] ftp 0 * c
Sat Dec 29 07:24:00 2012 0 ::ffff:188.72.248.226 185 [filename] a _ i r [user1] ftp 0 * c
Sat Dec 29 07:24:01 2012 0 ::ffff:188.72.248.226 253 [filename2] a _ o r [user1] ftp 0 * c
Sat Dec 29 07:24:01 2012 0 ::ffff:188.72.248.226 337 [filename2] a _ i r [user1] ftp 0 * c
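The download-then-upload pattern in the xferlog excerpt above can be searched for across a whole log. The following is an added example, not part of the original thread: it pairs each completed download (direction `o`) with an upload (direction `i`) of the same file by the same user and host within a short window and reports the size change. The sample lines, addresses, paths, function names and the 10-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in xferlog format (hosts, paths and users are made up).
SAMPLE = """\
Sat Dec 29 07:24:00 2012 0 203.0.113.7 117 /site1/index.php a _ o r user1 ftp 0 * c
Sat Dec 29 07:24:00 2012 0 203.0.113.7 185 /site1/index.php a _ i r user1 ftp 0 * c
Sat Dec 29 07:24:01 2012 0 203.0.113.7 253 /site1/js/main.js a _ o r user1 ftp 0 * c
Sat Dec 29 07:24:01 2012 0 203.0.113.7 337 /site1/js/main.js a _ i r user1 ftp 0 * c
Sat Dec 29 09:10:12 2012 2 198.51.100.20 9000 /site2/logo.png b _ i r user2 ftp 0 * c
Sat Dec 29 11:00:00 2012 1 198.51.100.20 400 /site2/page.php a _ o r user2 ftp 0 * c
Sat Dec 29 15:30:00 2012 1 198.51.100.20 410 /site2/page.php a _ i r user2 ftp 0 * c
"""

def parse(line):
    """Split one xferlog line; the filename is whatever sits between the fixed fields."""
    f = line.split()
    if len(f) < 18:
        return None
    when = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
    return {"time": when, "host": f[6], "size": int(f[7]),
            "file": " ".join(f[8:-9]), "dir": f[-7], "user": f[-5],
            "done": f[-1] == "c"}

def find_rewrites(text, window=timedelta(seconds=10)):
    """Return files downloaded and re-uploaded by the same user and host within `window`."""
    last_download, hits = {}, []
    for line in text.splitlines():
        rec = parse(line)
        if not rec or not rec["done"]:
            continue
        key = (rec["host"], rec["user"], rec["file"])
        if rec["dir"] == "o":
            last_download[key] = rec
        elif rec["dir"] == "i" and key in last_download:
            down = last_download.pop(key)
            if rec["time"] - down["time"] <= window:
                hits.append({"user": rec["user"], "host": rec["host"], "file": rec["file"],
                             "time": rec["time"], "grew_by": rec["size"] - down["size"]})
    return hits

if __name__ == "__main__":
    for h in find_rewrites(SAMPLE):
        print(f'{h["time"]} {h["user"]}@{h["host"]} rewrote {h["file"]} ({h["grew_by"]:+d} bytes)')
```

A file that comes back a few dozen bytes larger within the same second, as in the constructed sample, is the signature of an automated edit; a normal edit by a person (the `page.php` pair, hours apart) is not reported.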
Epic stories:
- Someone with access to FTP caught a Trojan.
- Someone who saved the authorization data in the FTP client had it leaked (for example, caught a Trojan again or shared Program Files on the network).
We were also once hacked through proftpd; malicious scripts were injected into the site. And they did not get in by brute force: we have complex passwords.
We switched to vsftpd, and have not been broken into since.
This is most likely an automated bot that infects websites via FTP. Logins and passwords are stolen by a Trojan.
This happened to me too today. Exactly the same modification of files.
A few days earlier, Windows 8 Defender had removed a virus. Apparently that same virus stole the passwords.
The passwords were stolen, not brute-forced. The hoster sent logs; there are only my own failed login attempts.
Theoretically, after all, you can contact the police for such reasons? For the sake of sports interest, I wanted to write a statement. Purely to find out what they are doing in this case :)
Oh, and the hassle was with changing passwords on everything and everyone, damn it. Post offices, websites, banks, etc.
What version of Joomla are you using? Not so long ago, the site was hacked through a crooked applause in Joomla.
How many times have people been told: don't save passwords on FTP, don't save them, all Trojans go for them first and pick them out. But no, they save them anyway. Well, don't complain now.
Well, as always, someone's passwords were stolen by a Trojan on their computer; 99 percent of cases are like that.