- Check if anyone is trying to brute-force your FTP server. You can ban IPs and range of IP. You can also more or less find the IP country with this website http://fr.geoipview.com/
- Check the web logs, particularly the POST request, check which files are receiving the requests. Check if these files already existed before
- You can block the IPs by asking your hosting company and also in your htaccess.