{"id":3509,"date":"2009-02-27T18:08:55","date_gmt":"2009-02-27T23:08:55","guid":{"rendered":"http:\/\/underhost.com\/blog\/?p=3509"},"modified":"2025-03-07T08:19:04","modified_gmt":"2025-03-07T13:19:04","slug":"track-mail-php-run-nobody","status":"publish","type":"post","link":"https:\/\/underhost.com\/blog\/track-mail-php-run-nobody\/","title":{"rendered":"Updated MARCH 2025: How to Track PHP Mail Function Usage on Shared Hosting"},"content":{"rendered":"

Problem: Tracking Spam Emails on Shared Hosting<\/strong><\/h2>\n

\nOne of the biggest challenges with shared hosting is that PHP runs under the web server user instead of the actual account owner (unless PHP is running as CGI or using suPHP).\n<\/p>\n

\nThis creates a significant problem when a website is compromised and used for spamming. Since all emails originate from the same server user, it becomes difficult to track down which website, script, or page is responsible.\n<\/p>\n

Solution: Add PHP Mail Headers for Better Tracking<\/strong><\/h2>\n

\nA simple solution to this issue is applying a patch that modifies PHP\u2019s mail.c<\/strong> file. This patch adds an X-PHP-Script<\/strong> header, which records the exact script location from which an email originates.\n<\/p>\n

\nFor example, when an email is sent, the header will contain:\n<\/p>\n

\nX-PHP-Script:<\/strong> www.example.com\/~user\/testapp\/send-mail.php<\/a> for 10.0.0.1\n<\/p><\/blockquote>\n

\nThis information allows you to quickly track down spam sources and take necessary action.\n<\/p>\n

How to Apply the PHP Mail Header Patch on cPanel Servers<\/strong><\/h2>\n

\nFollow these steps to implement the patch on a cPanel server:\n<\/p>\n

Step 1: Create a Patch Script<\/strong><\/h3>\n

\nRun the following commands as the root user:\n<\/p>\n

\r\nmkdir -p \/var\/cpanel\/buildapache\/scripts\r\ncat >> \/var\/cpanel\/buildapache\/scripts\/phppost << EOF\r\n#AUTO PATCH FROM http:\/\/choon.net\/php-mail-header.php\r\nPHPVER=`find -type d -iname \"php-*\"|sed \"s\/.\/\/\/g\"`\r\nwget http:\/\/choon.net\/opensource\/php\/$PHPVER-mail-header.patch\r\npatch -p0 < $PHPVER-mail-header.patch\r\nEOF\r\n<\/pre>\n
Step 2: Rebuild Apache with EasyApache<\/strong><\/h3>\n
\nOnce the patch script is created, rebuild Apache using EasyApache:\n<\/p>\n
\r\n\/scripts\/easyapache\r\n<\/pre>\n
\nThis will compile PHP with the new mail header patch, allowing you to track the source of emails sent via PHP\u2019s mail function.\n<\/p>\n
Additional Security Tips<\/strong><\/h2>\n