Recently, I've had more than one occurrence of files being messed up due to bad uploads from users on a cpanel server running pure-ftpd.
Here is a simple one liner to get a report of uploads:
/bin/grep pure-ftpd /var/log/messages| grep upload | grep -v <trusted ip address>"trusted ip address" would possibly be your own.
I put the above on a daily cron and keep an eye out for user uploads.
