I m spending my last 7 days on FTP moving files and importing 40 wordpress websites.
So i noticed that wp-config.php was edited at 12:47 and i know that i didnt edit it at that time. So i knwo somethign is going on, so i check the wp-config.php and i see someone changed my password.
Then i go check other wordpress folders and i see that all passwords are changed at same time and all wp-config.php is edit at same time.
Then i went to phpmyadmin to login with my old password, didnt work. then i used the new password from wp-config.php and i m in.
BTW database is clean and nothing is hacked (yet)
Exact time is yesterday 12:47 GMT+1.
No i dont have server log or i dont know where to look (i m on Godaddy shared hosting) But owner/group that eidted wp-dongfig.php is me.