I am using hostupon.com shared hosting for 5 domain names.
File structure I can see from winscp ftp tool is:
public_html folder with each domain name in its own folder
Most are just index.php and a one other page.
I deleted most of data because I noticed php files with strange file names that I did not create.
Also there are additional words in index.php.
So I made index.php very simple 1k in size.
I know this isnt the answer how to fight viruses.
But can you tell me how to create a log file that lets me know ip address of whoever is editing files and time edited.
Ideally one file in public_html instead of 5 in each domain name folder.