log file of who is editing files

I am using hostupon.com shared hosting for 5 domain names.
File structure I can see from winscp ftp tool is:
  public_html folder with each domain name in its own folder
Most are just index.php and a one other page.
I deleted most of data because I noticed php files with strange file names that I did not create.
Also there are additional words in index.php.
So I made index.php very simple 1k in size.

I know this isnt the answer how to fight viruses.
But can you tell me how to create a log file that lets me know ip address of whoever is editing files and time edited.
Ideally one file in public_html instead of 5 in each domain name folder.
LVL 1
rgb192Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
If your hosting company allows FTP... I question their competency + sanity...

Only SFTP (secure FTP) should ever be run at this point, else anyone listening on the line can scrape your logins (and everyone else on the machine), then login + make changes however they like.

Suggestion: If your hosting company runs FTP, change hosting. This is the only way to keep from getting hacked.

Look into fixing your problem after you've changed hosting, else the problem will simply reoccur.
0
RobOwner (Aidellio)Commented:
Do any of the sites run a database? What kind of processing on input variables is done in the PHP?
You may be subject to injection attacks...e.g. end users submitting php code in some of the forms and the PHP not sanitizing the input and essentially allowing the php code to run and do things like create files.
0
rgb192Author Commented:
ftp
database
2 wordpress sites
but I temporarily removed 1 wordpress site
0
RobOwner (Aidellio)Commented:
I suggest you go through the database tables looking for suspect content.
These injection attacks work by inserting code into the database and when pages are accessed, run that code which generates files...
Best to restore from a safe backup...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rgb192Author Commented:
thanks. I deleted files so problem is gone
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.