I've got a sudden surge of spam originating from my BlueOnyx host. What's the quickest way to determine which user account was compromised, and/or if the origin is a compromised script running on a website?