Script kiddies quite like to abuse some of these functions amongst others:
show_source, system, shell_exec, passthru, exec, popen, proc_open
Stop them in their tracks by securing PHP in DirectAdmin:
cd /usr/local/directadmin/custombuild/
./build secure_php