Today my server was attach throught RD php. :'( In other words on server was uploaded little script, that was generating spammmails. I cannot find out why has this happened, so j just report, for other to check
On path /dev/shm is deployed boamail.tgz which is then extract to boa folder. Inside there are script to genereate mails, email addreses, ...
On path /home/ftp/public_html was somehow (i think my mistake) uploaded php scrpit (a.php) that can execute shell programs.
So far i won't directly blame on RD, because all of situation. But it would be fine to give little attention to this.
If i can provide any futher info, please ask.