Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP FormMail Exploited

Discussion in 'E-mail Discussions' started by metal_cd, Nov 18, 2005.

  1. metal_cd

    metal_cd Member

    Jan 21, 2004
    Likes Received:
    Trophy Points:
    I have recently had spamming problems because of formmails written in php that use the mail() function. They do not have enough checks written into them and spammers can post to them and send out TONS of mail. They post in to the form submission a 'BCC: (ton of addresses)' and it sends to them.
    I guess I can rewrite the script to not send out to bcc: but who is to say there aren't a ton of other scripts that can do this same thing, I do not want to spend hours first finding then changing all of these scripts. Is there not a way I could globally disallow the sending of mail through php mail() to bcc: (without just shutting off php mail() to all scripts) ?

    Here is the php sending line;

    mail($recipient, $subject, $body, $mailheaders);

    Does the 'bcc: (ton of addresses)' have to be in $mailheaders for this to work for them?
  2. Marty

    Marty Well-Known Member

    Oct 10, 2001
    Likes Received:
    Trophy Points:

Share This Page