Hi -

I have had a message today from my hosting company to tell me that one of the sites on my hosting account is having it's php code abused. Apparently someone is manipulating the php code from the contact form to allow them
to add Bcc addresses.

Any ideas on what I need to do to close this loop hole?

Thanks.

Look for 'BCC' in the form submission data. If it's there, have the script die().

Look for 'BCC' in the form submission data. If it's there, have the script die().

You shouldn't just check for 'BCC' as many other email headers and the email body itself that can be "injected" into the email to be sent. Probably checking for newlines/linebreaks would be better.. ie: \r or \n

Agreed. :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.