Someone was sending email from my server using the 'nobody' account. I stopped the user 'nobody' from being able to send emails in WHM. He is still sending the emails but now they are being bounced back to me.
I know the directory that he is sending from (I think). I have no idea which file it might be. It would be a PHP file. The website is a game website. I have compared my local drive to the server drive and no new files are there and no new dates. How can I find the file he might be using? Thanks for any help.