CWP is automatically saving to the log when PHP is sending mail using mail() function.
This allows you to easily track a spammer by checking the log file.
Minimum supported PHP version is: PHP 5.3
CWP will add a header to mail source for all outgoing emails sent by PHP scripts.
Here is an example of the mail source:
** The number 505 is the user UID from /etc/passwd, the file.php is the script sending the mail.
You can find a more detailed logs on the server.
An example of log in the: /usr/local/apache/logs/phpmail.log
mail() on [/home/USERNAME/public_html/wp-content/file.php:83]: To: email@example.com -- Headers: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes Content-Transfer-Encoding: 8Bit X-Mailer: Drupal Sender: firstname.lastname@example.org From: email@example.com
Don't forget to install mod security with automatic update of rules within you CWP to prevent any further hacking of your sites.