Hacking Problems

Hello,
My question is I have a web host who is having some major problems with some sites that are getting hacked (he is running Fedora) however we have not been able to find out what site in specific it is that is being targeted. Can anyone give some advice on how we could track this site down? From what we can tell is someone is uploading something to the site giving them access to crash apache as it seams apache is the one that always goes down first.