I honestly can't tell what might be responsible, but I am uploading a certain oauth plugin. Then on runtime, some of the php files are being removed, it seems to be the ones that contain unicode encoded strings and class names, e.g:
class Mo_Oauth_Constants
{
const SUCCESS = "\x73\x75\x63\x63\145\x73\163";
const FAILED = "\x66\x61\x69\x6c\x65\x64";
const USER_TRANSCATIONS_TABLE = "\167\160\x6e\163\x5f\164\x72\x61\x6e\x73\x61\x63\x74\151\157\156\163";
}
... but it could really be anything. Does anyone have any ideas what might be removing php files automatically? Is there something in Wordpress that checks for potentially vulnerable files and cleans them up? Or is it more likely to be a server clean up?