Over the past week or so I’ve been the unfortunate bearer of email injection attacks on two of my sites. It’s no fun I can assure you!
So, I’ve had to search for anything that can help me overcome these nasty so and so’s. That’s when I came across an article called Email Injection – SecurePHP.
While it does explain how the spammers were able to exploit the contact forms on my sites, it’s example of how to stop it from happening doesn’t seem to have worked. I implemented the neccessary changes last nite, but first thing this morning I received the same junk emails in my inbox – which suggests I’ve not stopped the rot :(
I’ve also tried this suggestion on the PHP site, but I don’t believe that has worked either. Maybe I should give it a few days to see for sure.
* Fingers Crossed *
Update
The spam emails seem to have stopped from one domain but not the other, which is strange considering I implemented the same filter on both forms. So more searching was required to find an alternative solution. That’s when I came across this piece of code, which I hope will put an end to these email injection attacks once and for all.
* Fingers Crossed Again *
Update 2
Well, the last change seems to have done the trick. I haven’t received any more spam emails from my own forms. I just hope posting this update doesn’t put a curse on me :D