My site is running 3.7.1 on a shared server at my host. I've received a couple bounced messages that are obviously spam and which were sent from my site. The X-PHP-Script header indicates that they're using /index.php. I checked the logs and found the POST requests to / for the IP indicated in the header.
I've blocked the IP, but if they can do it then someone else can. I've checked index.php, but it looks clean.
I'd like to see the full POST request, but not sure how to go about recording that.
Any suggestions on how to proceed?