There is an easy method to find spammer php script in your home path. Directadmin logs these spammer scripts which are using phpmailer or similar things. To find this:

  1. Go to your home path
  2. cd /home
  3. Find your log files
  4. find ./ -type f -size +1k -name "php-mail.log"

    After this find operation, you can see your log files. It means, users that have this log file are could be the potential spammer.

  5. Tailf your log file.
  6. tailf /home/user/.php/php-mail.log
  7. You can see spammer scripts.!!
  8. mail() on [/home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php(1947) : eval()'d code:775]: To: user@hotmail.com -- Headers: Date: Sat, 28 Jan 2017 15:51:47 +0300 From: Flora  Message-ID: <3f796c9fb6de893f060882897f360bea@domain.com.tr> X-Priority: 3 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_3f796c9fb6de893f060882897f360bea" Content-Transfer-Encoding: 8bit
  9. Remove this peace of shit.
  10. rm /home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php

    You can easiliy get rid of these spammer scripts using this method. Don’t forget to clear your mail queue after this operation.