Iframe injection

I just cleaned up several instances of this pest. I have changed my password and taken the pledge to never use plain old ftp ever again. So…

What can I do along the lines of early detection? Can I run something like Tripwire as a shell user?