I run a dedicated server with WHM/cPanel CentOS Apache.
One of my accounts on cPanel have a WordPress site that some how got a virus. They use it to send mails / inject affiliate links etc.
I have ran AV scanners and also manually cleaned everything i can find, but the virus keep coming back. Is there any way i can log when someone uploads a file via PHP or even create or modify a file?
I have been going trough log files but i keep always seems to miss something so i want to try back-trace it and find the file they use to upload the PHP files with.