Additional remark.
After a while, I figured out they probably didn't insert the extra
receivers via the email message ($r) --although they tried that too, had
to sort out hundreds of log entries-- but through the from/email variable.
There was a problem with the validation of the from-address in
Package: php4
Version: 4:4.3.10-15
Severity: normal
Last weekend, we noticed some attempts to abuse on of our mailforms.
Analysis of our mail logs showed some mails where sent through a php script.
As the "To" field was hard coded in the script and register_globals was off,
the spammer must have u
2 matches
Mail list logo
