First of all chmod 744 its NOT what you want. The point of chmod is to revoke access to other accounts on the system. Chmod 700 is far more secure than chmod 744. However Apache only needs the execute bit to run your php application.
chmod 500 -R /your/webroot/
chown www-data:www-data -R /your/webroot/
www-data is commonly used as Apache’s account which is used to execute the php. You could also run this command to see the user account:
`<?php
print system("whoami");
?>`
FTP is horribly insecure and it’s very likely that you were hacked from this method. Using FTP you can make files writable, and then infect them again. Make sure you run an anti-virus on all machines with FTP access. There are viruses that sniff the local traffic for FTP user-names and passwords and then login and infect the files. If you care about security you’ll use SFTP, which encrypts everything. Sending source code and passwords over the wire in clear text is total madness.
Another possibility is that you are using an old library or application. Visit the software vendor’s site and make sure you are running the latest version.