This morning before heading off to work (yes, I know it is a Saturday) I decided to check my email quickly, only to discover that the band website contact form had been attacked (or at least someone had tried). Luckily they were not successful because I had none of the form variables going into the header of the mail, but it still opened my eyes to another vulnerability that I have now fixed on all my mail forms. The positive side of the internet meant that I was able to find out a lot more information from searching. Here are some good reference points for anybody that needs to protect a mail form.
http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay – This is the first blog that I came across. It has a useful description of what is happening and lots of comments.
http://www.anders.com/projects/sysadmin/formPostHijacking/ – The first site nicely summed up into clearer information (from the same person)
http://securephp.damonkohler.com/index.php/Email_Injection – A description of how to prevent email injection in PHP.
www.php.net also has useful information in the comments of the mail function.
I am hoping that since the attack was not successful the spam attempts will stop. The last thing I want to do is build one of those "type the letters from the picture" things for a community band's contact web form.
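The point above about keeping form variables out of the mail header, as an added example that is not the author's code: a contact-form handler that rejects any field containing a line break and lets only a validated address reach a header. The function names, form field names and example.org addresses are assumptions made for illustration.

```php
<?php
// Added example, not the author's code. Field names and addresses are assumptions.

const CONTACT_TO   = 'band@example.org';     // fixed recipient, never taken from the form
const CONTACT_FROM = 'webform@example.org';  // fixed From address

/** True if the value contains CR, LF or NUL, which would let it start a new header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Turn raw form fields into arguments for mail(), or return null to reject the post.
 * Only the validated address reaches a header; name and message stay in the body.
 */
function build_contact_mail(array $form): ?array
{
    $name    = trim((string)($form['name'] ?? ''));
    $email   = trim((string)($form['email'] ?? ''));
    $message = (string)($form['message'] ?? '');

    if ($name === '' || $message === '' || has_header_break($name) || has_header_break($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $headers = 'From: ' . CONTACT_FROM . "\r\n" . 'Reply-To: ' . $email;
    $body    = "Name: $name\nEmail: $email\n\n$message";

    return [CONTACT_TO, 'Band website contact form', $body, $headers];
}

// Constructed sample posts: one ordinary, one with a line break smuggled into the email field.
$samples = [
    ['name' => 'Alice', 'email' => 'alice@example.com', 'message' => 'Do you play weddings?'],
    ['name' => 'Bob', 'email' => "bob@example.com\r\nX-Injected: 1", 'message' => 'hi'],
];
foreach ($samples as $form) {
    $args = build_contact_mail($form);
    echo $args === null ? "rejected\n" : "accepted, headers:\n{$args[3]}\n";
    // In a real handler: if ($args !== null) { mail(...$args); }
}
```

The recipient and subject are constants, so nothing typed into the form can change where the message goes; the first sample is accepted and the second is rejected.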