Hi guys

Just been looking at the usage log on one of our XOOPS websites and it appears that sendmail.php is being directly accessed in an attempt to send spam.

Our script has been modified slightly so it only sends mail out to the site admin - it's used as a "contact us" script - so the site admin is getting LOADS of SPAM e-mail. The source IP's are from all over the world, so it seems to be a botnet.

Is there a simple way of changing the script so that it checks if the script is being accessed by clicking on a link on the main page, rather than blindly accepting messages from any source?

Here's our sendmail code: -

$email = $_REQUEST['email'] ;
$message = $_REQUEST['message'] ;

mail( "admin@DOMAIN.com", "Feedback Form Results",
$message, "From: $email" );
header( "Location: http://www.DOMAIN.com/register.php" );
?>

Thanks in advance for your advice guys.

Cheers

Sean

why you don't use the simple tiny "contact" module or a better one "liaise" ? or the best IMHO "xhelp" as a help desk

I think that you can achieve this with a .htaccess file.