Its very hard to detect intrusions. what i would suggest is increase your security.
A good start is
here
This is free software and is designed for the whm.
running rkhunter is your best bet to see if you have been rooted i guess scanning any strange php pages is also a good start scan them with any normal AV like NOD32 etc, they will pick up any c99 shells.
Also in your security center (whm) there is a section which allows you to lock down services specific to a IP or IP range for example.
Only i can ssh to my server either from work or at home, only customers can FTP to the server if they have a dynamic IP thats fine as ive added the IP range.
If you would like any help send me a message and ill add you to MSN and talk you through various security messures you can take.