We're offering a shared web hosting service, where many websites live on the same server.
Since a lot of people don't update their stuff, they get pirated all the time. Now, the websites are compartmentalized, so a pirated site doesn't spread to another one. But still, it is annoying: pirated sites sometimes attack sites elsewhere, or send spam, and then our whole server get banned.
I saw that Wordpress has plugins which scan a website and detect potentially fraudulent code. Is there something (ideally open source) that scan PHP and JS files in general?
I noticed that websites get hacked months before the hack is "activated", probably to make sure that all backups are also infected. It would be nice to detect the hack before it starts attacking.