Tweet
Over the past couple of hours we have seen over 15 different PHP based e-mail forms exploited to send spam from 15 entirely different domains. Each is being suspended as a result of this. Please be absolutely certain that any PHP e-mail forms that you may have running are coded in such a manner that they are secured from being used as a spamming tool.
-
-
Can you give us direction in what to look for ... it would be a great helpCheers,
Gary
(This space for rent) -
It's all being done through header injection. If you are using any variables in your PHP e-mail forms you need to check them for headers that might be injected into them (to, cc, bcc, etc.).Comment
-
Comment