I run a dedicated server with WHM/cPanel CentOS Apache.
One of my accounts on cPanel have a WordPress site that some how got a virus. They use it to send mails / inject affiliate links etc.
I have ran AV scanners and also manually cleaned everything i can find, but the virus keep coming back. Is there any way i can log when someone uploads a file via PHP or even create or modify a file?
I have been going trough log files but i keep always seems to miss something so i want to try back-trace it and find the file they use to upload the PHP files with.
Use wordfence security plugin that will scan your whole wordpress site and also stop any type of injection. You will not face any trouble after this.