Our hosting company has just dropped the following bombshell which has broken our website:
" A major limitation of the Apache 1.3 + mod_php combination is that PHP scripts execute under the web server UID ('www'), which is system-wide. This allows spammers to send totally untrackable spam through vulnerable PHP scripts (the UID in the header shows up as 'www')."
Until setuid execution is available for Apache+mod_php (which should occur when the Apache2 module mod_perchild is stable), the mail() function is only available with the CGI version of PHP, which allows proper tracking."
I understand about executing php as a cgi script from the command line, but I am sending mail, using php mail(), as confirmation of a competition entry from the middle of a php script that does a load of other things as well, so what is the easies way of fixing this problem and getting the site back online?
Your help would be much appreciated!
Phoebe.
