Hijacked Mail Script
Posted: Thu May 11, 2006 2:37 pm
I have been using a mail script that sends an email with all the form data from HTML forms. Now, 2 of my clients have reported getting hundreds of bouncebacks of someome who is hijacking the script to send spam emails. The mail script is extremely simple, which is obvious why it got hijacked. I was wondering if you guys could assist me in stopping this, and ASAP...
heres the code:
heres the code:
Code: Select all
$to = $_POST['recipient'];
$from = $_POST['email'];
$subject = $_POST['subject'];
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= 'To: Name <'.$to.'>' . "\r\n";
$headers .= 'From: '.$_POST['name'].' <'.$from.'>' . "\r\n";
//Go through eveything in the POST to output
foreach ($_POST as $key =>$value)
{
if (($key != "recipient")&&($key != "subject")&&($key != "redirect")&&($key != "submit")&&($key != "THANKURL"))
$message .= $key.": ".$value."<br>";
}
mail ($to, $subject, $message, $headers);