I will give it a try later today.. Sure it was done through the form and not through FTP?
Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.
Or... that's just a red herring. I highly doubt a SQL exploit can modify web pages.