For the last few days, some jerk has been using the holes in my feedback mailform to send junk mail to hundreds of email addresses. He used header injection to create junk emails about shares and diet pills.
So, for the last few days, I've been trying to patch up the stupid holes that I'd ignorantly created in my PHP script. It's been so long since I did any development with PHP that it took me until today to plug the holes, and I'm still paranoid that the offender will find a way to break it again.
So I've written an account of the problem and my solution here:
http://www.bobulous.org.uk/misc/mailformAbuse.html
and I'm hoping that experienced PHP users can check out the page and let me know if any of the statements I've made are nonsense.
As I said, I think I've sealed up the holes, but this is serious enough that I'm looking for expert opinions.
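
An added example, not the poster's script or anything taken from the linked page: one way a PHP feedback form can keep visitor input from adding lines to the mail headers. The field names, the example.org addresses and the function names are assumptions made for illustration.

```php
<?php
// Added illustration. Field names and addresses are assumptions.
const FEEDBACK_RECIPIENT = 'webmaster@example.org'; // fixed, never taken from the form
const FEEDBACK_SENDER    = 'feedback@example.org';  // fixed site address for From:

/** True if the value could start a new header line (CR, LF) or contains NUL. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Returns the arguments for mail(), or null if the submission must be rejected. */
function build_feedback_mail(array $form): ?array
{
    // Non-string input (e.g. email[]=...) is treated as empty.
    $get = fn(string $k): string => is_string($form[$k] ?? null) ? trim($form[$k]) : '';
    $name = $get('name');
    $email = $get('email');
    $subject = $get('subject');
    $message = $get('message');

    // Everything that is placed in a header must be a single line.
    foreach ([$name, $email, $subject] as $field) {
        if (has_header_break($field)) {
            return null;
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The visitor's address appears only in Reply-To; To and From are constants.
    $headers = ['From: ' . FEEDBACK_SENDER, 'Reply-To: ' . $email,
                'Content-Type: text/plain; charset=UTF-8'];
    return ['to' => FEEDBACK_RECIPIENT, 'subject' => 'Feedback: ' . $subject,
            'body' => "Sender: $name <$email>\n\n$message",
            'headers' => implode("\r\n", $headers)];
}

// Constructed sample submissions: one ordinary, one with a line break in the email field.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.org', 'subject' => 'Hi', 'message' => 'Nice site.'],
    ['name' => 'Ann', 'email' => "ann@example.org\r\nX-Injected: 1", 'subject' => 'Hi', 'message' => 'x'],
];
foreach ($samples as $i => $form) {
    $mail = build_feedback_mail($form);
    echo "sample $i: ", $mail === null ? "rejected" : "accepted", "\n";
    // On acceptance: mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```

The message body is not checked for line breaks because it is passed as the body argument of mail(), not as a header.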