Regardless of the size of your member base, it is definitely good practice to check in on what your users are doing. Some like to pretend they are naturally doing the right thing. In other instances, honest clients will make an honest mistake.
If you have root access to your server and are running RedHat, I periodically check the /home directory on the server and individually check each account (even if it takes 3 weeks to get it done).
If you would like to take a quick peek at a user's activity, run the following command (it works while they are actively logged in with FTP, SSH, etc.):
ps -fu theirusernamehere
So if you run ps -fu root, you will see every process currently running as the user root, along with the full command line of each. This command is also ideal for locating a user's PID in the event you need to kill their activity on the spot. Most excellent for killing inactive users.
Regularly run the "top" command or "top -c" and look for things out of the ordinary. If you see the user "nobody" (Apache) running a process you are unfamiliar with, investigate it.
Make a routine habit of checking your server's temp directory (usually /tmp).
You can find all sorts of valuable info there. In stereotypical cases you will find eggdrops, etc. housed in the temp directory.
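The "nobody" process check and the /tmp sweep described above can be scripted so they run the same way every time. This is an added example, not part of the original post; the function names, the allowlist (httpd, apache2) and the sample process lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumption: Apache workers run as "nobody" and their
# binary is named httpd or apache2; adjust the allowlist for your server.

# Constructed sample in the format of `ps -eo user=,pid=,args=`.
SAMPLE_PS='nobody 1201 /usr/sbin/httpd -k start
nobody 4410 /tmp/.x/eggdrop bot.conf
alice 5120 /usr/bin/vim notes.txt
root 1 /sbin/init'

# unfamiliar_procs USER "ALLOWED NAMES"
# Reads "USER PID COMMAND..." lines on stdin and prints those owned by
# USER whose command basename is not in the allowlist.
unfamiliar_procs() {
    awk -v user="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == user {
            cmd = $3
            sub(/.*\//, "", cmd)        # keep only the basename
            if (!(cmd in ok)) print     # $0 is untouched, print it whole
        }'
}

# tmp_suspects DIR
# Lists regular files under DIR that are owner-executable or hidden.
tmp_suspects() {
    find "$1" -xdev -type f \( -perm -u+x -o -name '.*' \) -print 2>/dev/null |
        LC_ALL=C sort
}

if [ "${1:-}" = "--live" ]; then
    # Real data: every process on the box, then the temp directory.
    ps -eo user=,pid=,args= | unfamiliar_procs nobody "httpd apache2"
    tmp_suspects /tmp
else
    # Offline demo on the constructed sample above.
    printf '%s\n' "$SAMPLE_PS" | unfamiliar_procs nobody "httpd apache2"
fi
```

Run it with --live as root to check the real process table and /tmp; anything it prints is a lead to investigate, not proof of abuse.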