One of the biggest problems with shared hosting is that PHP runs as the web server user rather than the user assigned in the virtualhost (unless your running PHP as CGI). This is a huge problem because when a site is compromised and a attacker is using your server to spam it can be very difficult to track down what site/script/page is causing the problem.


The solution is a patch located at It modifies php’s mail.c file so that when the mail function is called from the web that it stores the following information.

X-PHP-Script: for

in the headers so that when a spam report does come in, you can easily track where it came from.

Below is a how to for cPanel servers that shows how you can implement this patch.

Run the following as root:

PHP Code:
mkdir -p /var/cpanel/buildapache/scripts
cat >> phppost << EOF
PHPVER=`find -type d -iname "php-*"|sed "s/.///g"`
patch -p0 < $PHPVER-mail-header.patch

Once that’s done, run

PHP Code:

like you normally would.