Help me secure this php sendmail script?
Hello, I've run a dedicated server for over a year now, and I received an email from SpamCop saying somebody dobbed me in for spamming.
It would appear somebody has worked out how to spam via one of my customer's sendmail scripts.
Here's the script:
Code:
<?
$body = " Name: ".$_POST["name"]
    ." Company: ".$_POST["company"]
    ." Position: ".$_POST["position"]
    ." Email: mailto:".$_POST["email"]
    ." Phone: ".$_POST["phone"]
    ." Comments: ".$_POST["message"];
mail(
    "info@mycustomer.com",
    "Contact from www.mycustomer.com - ".$_POST["company"],
    $body,
    "From: ".$_POST["name"]." <".$_POST["email"].">"
);
header( "Location: ../thanks/" );
?>
[code]
To: x
Subject: Contact from www.mycustomer.com -
From: state@myserver.com.au
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Could you stand to lose 10-15 pounds of fat?
Message-Id: <E1Eg_________Q-N3@myserver.com.au>
Date: Tue, 29 Nov 2005 05:54:22 +1100
Name: state
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Could you stand to lose 10-15 pounds of fat?
bcc: blksxy1@aol.com, graytigresse@aol.com, lazyltning@aol.com,
granletici@aol.com, dlapoi8415@aol.com, kristin1211@aol.com,
bevmomma32@aol.com, eaglesoars55@aol.com, len4pat2@aol.com,
[/code]
The BCC list keeps going - I guess that's what they are using.
Can anybody see what's wrong with this script? This is the first instance of spamming I've had.
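
The script above places `$_POST["name"]`, `$_POST["email"]` and `$_POST["company"]` directly into the subject and headers passed to `mail()`, so a line break in any of those fields starts a new header line, which matches the extra Content-Type, Subject and bcc lines in the captured message. The following hardened handler is an added example, not code from the original post. It assumes a placeholder sender address `noreply@mycustomer.com` and a hypothetical helper name `build_contact_mail`.

```php
<?php
// Added example, not the original poster's script.
// Assumption: noreply@mycustomer.com is a placeholder sender address.

// Hypothetical helper: returns mail() arguments, or null if the input is rejected.
function build_contact_mail(array $post): ?array
{
    $f = [];
    foreach (['name', 'company', 'position', 'email', 'phone'] as $key) {
        $raw = $post[$key] ?? '';
        // CR or LF in a single-line field would start a new header line.
        if (!is_string($raw) || preg_match('/[\r\n]/', $raw)) {
            return null;
        }
        $f[$key] = trim($raw);
    }
    if (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $message = $post['message'] ?? '';
    if (!is_string($message)) {
        return null;
    }
    $body = "Name: {$f['name']}\nCompany: {$f['company']}\n"
          . "Position: {$f['position']}\nEmail: {$f['email']}\n"
          . "Phone: {$f['phone']}\nComments: {$message}";
    return [
        'info@mycustomer.com',
        'Contact from www.mycustomer.com - ' . $f['company'],
        $body,
        // Fixed From; the validated visitor address goes only in Reply-To.
        "From: noreply@mycustomer.com\r\nReply-To: {$f['email']}",
    ];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $args = build_contact_mail($_POST);
    if ($args === null) {
        http_response_code(400);
        exit('Invalid input.');
    }
    mail(...$args);
    header('Location: ../thanks/');
    exit;
}

// Constructed sample: an email field carrying an extra header line is rejected.
$sample = ['name' => 'state', 'email' => "a@example.com\r\nbcc: b@example.com"];
var_dump(build_contact_mail($sample));
```

The comments field may still contain line breaks, because it only ever reaches the message body and never a header.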