php script is being abused
loki
13-09-2005, 14:55/02:55PM
i use a php script to send emails on several different websites (on different servers).
since saturday several of them have been used to send spam. seems to be gibberish and the hard-coded recipients that get tens and tens of copies of this rubbish.
more annoying than anything but i'd like to get it fixed just in case.
is there a way to make this more secure?
loki
16-09-2005, 06:28/06:28AM
seems this is going around a bit.
i came across some discussion on this just this morning that explains the problem and gives the solution (well i've implemented it, now waiting to see if it protects me...).
Email Injection attacks (http://securephp.damonkohler.com/index.php/Email_Injection)
i won't blather on about what the fix is, better that anyone with the same issue goes direct to the people who know.
ps is it ok to answer your own posts ?
Blue
16-09-2005, 11:22/11:22AM
Originally posted by loki
...ps is it ok to answer your own posts ?

LOL, yes. Sometimes these forums are . . . IHelpMe!
loki
16-09-2005, 13:36/01:36PM
that questionable but slightly nice *smug* feeling has just been erased, the change i made didn't work!
from what i understood of the solution i need to add

$from=$_POST["sender"];
if (eregi("\r",$from) || eregi("\n",$from)){
    die("Why ?? :(");
}

to my script.
i added it right at the beginning but that doesn't work. can someone tell me (nicely) where to put it?
(new script attached)
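
An added example, not loki's script and not code from the linked article: one way to arrange a mail handler so that every submitted value is checked for CR/LF before anything reaches mail(). The field names "subject" and "message", the function names and the recipient address are assumptions; only "sender" comes from the post above.

```php
<?php
// Added example. "subject" and "message" are assumed field names and
// webmaster@example.com is a placeholder for the hard-coded recipient.

// True if the value contains CR or LF, i.e. could start a new header line.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns [subject, body, headers] for mail(), or null if input is rejected.
function build_mail(array $post): ?array
{
    // Reject missing fields and array-valued fields (sender[]=...).
    foreach (['sender', 'subject', 'message'] as $key) {
        if (!is_string($post[$key] ?? null)) {
            return null;
        }
    }
    $sender  = trim($post['sender']);
    $subject = trim($post['subject']);

    // Every value that is placed in a header is checked, not only the sender.
    if (has_line_break($sender) || has_line_break($subject)) {
        return null;
    }
    // The sender must also be one well-formed address.
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [$subject, $post['message'], "From: $sender"];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: a sender value carrying an extra header line.
    $sample = ['sender' => "a@example.com\r\nX-Extra: 1",
               'subject' => 'hi', 'message' => 'test'];
    var_dump(build_mail($sample));
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $mail = build_mail($_POST);
    if ($mail === null) {
        http_response_code(400);
        exit('Invalid input.');
    }
    // mail() is only reached with values that passed every check above.
    [$subject, $body, $headers] = $mail;
    mail('webmaster@example.com', $subject, $body, $headers);
}
```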
loki
16-09-2005, 14:41/02:41PM
attached!