Abuse Of A Php Contact Script, someone is the bcc to send out emails


Juvia
12-07-2006, 07:40 AM
Hi -

I have had a message today from my hosting company to tell me that one of the sites on my hosting account is having its php code abused. Apparently someone is manipulating the php code from the contact form to allow them to add Bcc addresses.

Any ideas on what I need to do to close this loop hole?

Thanks.

Paz
12-07-2006, 11:27 PM
Hi,

I don't know a solution for php, but you need to add a line of code to check the IP/Referrer details to make sure that the form was sent from your site. It's a well-known security issue: hackers modify your form and use it to send out spam emails.

RyanSmith
12-08-2006, 11:49 AM
If you post the code, I can take a look and probably identify the security hole.

You should always cleanse user input before you do anything with it. I know a lot about SQL Injection attacks, but not a whole lot about contact form attacks. It all depends on how you're sending mail.

Most likely they are escaping your input starting out, then adding additional headers for the BCC, closing and sending.
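The header-injection pattern RyanSmith describes (user input breaking out of a mail header so extra Bcc lines can be appended) is closed by refusing any header value that contains a line break and by never building headers from raw input. The following is an added example, not code posted in this thread; the field names `email`, `subject` and `message` and the two addresses are assumed placeholders.

```php
<?php
// Added example (not from the thread): a contact-form handler hardened
// against mail header injection. Field names and addresses are assumed.

declare(strict_types=1);

// A CR, LF or NUL inside a value that ends up in a mail header lets the
// sender terminate that header and append their own (e.g. Bcc:).
function isSafeHeaderValue(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Validate every field that will touch a header; the body may stay free-form.
function validateContactInput(array $post): array
{
    $errors  = [];
    $email   = trim((string) ($post['email'] ?? ''));
    $subject = trim((string) ($post['subject'] ?? ''));
    $message = (string) ($post['message'] ?? '');

    if (!isSafeHeaderValue($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email address';
    }
    if (!isSafeHeaderValue($subject) || mb_strlen($subject) > 200) {
        $errors[] = 'invalid subject';
    }
    if ($message === '') {
        $errors[] = 'empty message';
    }
    return ['errors' => $errors, 'email' => $email, 'subject' => $subject, 'message' => $message];
}

$result = validateContactInput($_POST);
if ($result['errors'] !== []) {
    http_response_code(400);
    error_log('contact form rejected: ' . implode(', ', $result['errors'])); // worth watching in logs
    exit('Invalid input.');
}

// Recipient and From are fixed server-side values, so the visitor cannot
// choose who receives the mail. Their address is only used as Reply-To,
// and their text only appears in the body. Addresses below are placeholders.
$to      = 'owner@example.com';
$headers = "From: contact-form@example.com\r\n"
         . 'Reply-To: ' . $result['email'] . "\r\n"
         . "Content-Type: text/plain; charset=UTF-8\r\n";

mail($to, $result['subject'], $result['message'], $headers);
```

A spike of "contact form rejected" entries in the error log is a useful signal that the form is being probed, and the fixed recipient means a rejected request can never deliver mail anywhere else.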