Hi -

I have had a message today from my hosting company to tell me that one of the sites on my hosting account is having it's php code abused. Apparently someone is manipulating the php code from the contact form to allow them
to add Bcc addresses.

Any ideas on what I need to do to close this loop hole?

Thanks.

That's a common exploit as many people don't secure their contact forms. Basically what is happening is that the exploiter is adding extra email headers to your message. This is caused because of a lack of security on your part.

Check the user input with regex to make sure that the email and other information has a a valid format and doesn't contain any special markup (such as \r\n).

check access and if file is exe. also there are tons of php checkers online

This is not a problem relating to viruses, trojans or EXEs. The script was just exploited through a web browser by variable injection.

Here'a a really good article that explains the problem and suggests some solutions: http://www.securephpwiki.com/index.php/Email_Injection

That was happening to me ALL the time for a contact form I had on one of my sites. Thanks for the link, Ack.

Yup. Spammers love it, it is like hitting gold for them. They use a few search queries for common things included in contact forms, see if they allow for simple injection of their own addresses, and suddenly your site has become the gateway to millions of spam e-mails.

It is actually a bit more severe than it sounds, you can easily get your mail server blacklisted because of it.

Hi, I am not too familiar with the form securities but I have heard that your form should do a stripping of characters that aren't allowed. There are even some free scripts that you can get that have this security measure in them.:tooth:

Kalpa, post the code in question and I'll take a look at it for you.

yeh post the cde so we can have a look at it
Alex.