Posted by news@celticbear.com on 01/25/06 17:08

Recently found out AOL has blocked our company's IP for e-mail for
spam. We don't send spam.
So I had our server host check it out, and they said huge amounts of
spam are being sent through us via a compromised PHP script we have for
a Web support form.

How is this possible? How can they do this? We validate if certain
fields are blank, what else can we do to prevent someone from using our
PHP pages to send spam?

I don't know if it helps, but here's the last few actual lines we use
to send the mail on that page in question:

$msg .= "Problem:\n";
$msg .= "$problem\n\n";
$mailheaders = "From: (our domain) Support\n";
$mailheaders .= "Reply-To: $useremail\n\n";
mail("customerservice@(our domain).com", "Customer Service", $msg,
$mailheaders);

Thanks for any help, even if just a link to a site that can help.
Liam

[Back to original message]