Outgoing Spam via PHP Scripts


Jan 11, 2017
South Carolina
cPanel Access Level
Root Administrator
I have 2 accounts on my VPS (which I own) that I'm having problems with. Every day, a new PHP script is uploaded to a different directory in these 2 accounts. That file sends out hundreds of emails before i find it and remove it.

So far, I've:

- Disabled FTP on both accounts
- Checked SSH history (its disabled except for root)
- Changed the cpanel password.

They occasionally use the DEFAULT cpanel email to send outgoing email as well.

1. How else could someone be uploading these scripts?
2. What else can I do to track down who or what is doing this.

Thanks in advance