Since about a week we have been getting LOT of complaints from our datacenter about a few of our webs holding phishing pages, shells, deface pages etc etc. I have tried clamav, maldet but they don't seem to help a lot.
I just got another complaint. The site is not EXACTLY defaced, but it has a "hacked" page uploaded inside
Not to mention the site is using wordpress. My question is, how can I check when and how this file was uploaded?
And what can I do to prevent these things?