Help robot form filler driving non-programmer nuts!

stopping robot form filler from constantly submitting

scoopydbc

9:04 am on Sep 17, 2005 (gmt 0)

Hi

I have a PHP contact form script on my site with the email address as a variable and not visible on the page. I am no programmer and got the script from a free script site (see below).

<?php
// $name, $theiraddr and $msg are taken straight from the form fields,
// unchecked, and $name / $theiraddr are placed directly into the mail headers.
$headers  = "From: $name <$theiraddr>\n";
$headers .= "Content-Type: text/plain; charset=iso-8859-1\n"; // sets the mime type
$recipient = "emailaddresshere";
$subject = "Website Enquiry";

$msg = wordwrap( $msg, 1024 );

mail($recipient, $subject, stripslashes($msg), $headers);

header("location: thanks.html");
?>

Everything was going well until recently, when a robot keeps filling out the form, posting gibberish and costing me bandwidth.

So I did a bit of hunting around and found a javascript validation extension for dreamweaver that makes the user fill out all fields, thinking that this will deter the robot.

Things got worse!

I wondered if anybody on here could suggest
1. A way to stop this robot
2. A way to identify these robots (is there a directory of them somewhere?)

Any advice would be welcomed

JLSeagull

10:47 am on Sep 17, 2005 (gmt 0)

You may track the IP address of robot and implement one of these:

simple solution: if you are on a Linux server and using the cPanel site control panel, you can ban any visitor from that IP address from seeing stuff on your site.

slightly complex solution: use access control methods using .htaccess to ban any activity from that IP (individual or block level)

HTH

JLS

scoopydbc

11:10 am on Sep 17, 2005 (gmt 0)

Thanks JLS

Would you know how to identify the culprit, as I would not want to ban all robots (although, come to think of it, it's only a contact page, so indexing isn't an issue I suppose)

Matt the Hoople

5:24 pm on Sep 17, 2005 (gmt 0)

Hi kids - I'm new here and just reading. Thought I'd jump in on this one. This exploit has been fairly common over the last few months. If you look at the email header, you'll notice that the sender is trying to add a Bcc: field to the email - a way to effectively use your contact form as a spam tool. There's a lot of chatter over at WebHostingTalk about this.

The way it is done is to try to add a carriage return (\r) or newline (\n) to the form field and insert the Bcc: field. Modify your script to strip out any \r or \n entered. For php, you may do it thus:

<?php
$from = $_POST["sender"];
// Refuse the submission if the sender field contains a carriage return or
// newline, the characters an injected "Bcc:" line needs. (The original used
// eregi(), which was removed in PHP 7; preg_match() does the same check.)
if (preg_match('/[\r\n]/', $from)) {
    die("Yet another spam attempt thwarted!");
}
?>

Hope that helps.

matthijs

8:57 pm on Sep 17, 2005 (gmt 0)

Hi, this has been a huge problem lately. My first site got attacked last week, the second this week and just tonight my third. Fortunately I've taken my measures now. Some advice: take immediate action! These bots are going to inject loads and loads of email through your script. And the fact that you receive some gibberish mails is not the problem! The problem is that your mailform is sending masses of spam around. You don't want to get blacklisted as a spammer.

So read all the threads on the forums, and take your precautions. One simple solution is to hardcode your headers. Don't put any POST vars in them. Filter the $from or $email vars and place them in the body of the email.
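Putting the two pieces of advice in this thread together (reject CR/LF in the sender field, and keep every header hard-coded with the visitor's address only in the body), here is an added example of a hardened form handler. It is not code from any poster; the field names "sender", "name" and "msg", the addresses, and PHP 7+ syntax are assumptions.

```php
<?php
// Added example: a contact-form mailer that never places form input in a
// mail header. Field names and addresses are assumptions for illustration.

function header_safe_email(string $value): ?string
{
    // A CR, LF or NUL is exactly what an injected "Bcc:" line would need,
    // so reject the whole submission if any is present, then require a
    // syntactically valid address.
    if (preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    $addr = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

function build_message(array $post, string $recipient): ?array
{
    $sender = header_safe_email($post['sender'] ?? '');
    if ($sender === null) {
        return null; // caller shows an error instead of calling mail()
    }
    // The display name is only ever written into the body, but strip
    // control characters from it anyway.
    $name = preg_replace('/[\x00-\x1f\x7f]/', '', $post['name'] ?? '');
    $body = "Name: $name\nReply to: $sender\n\n"
          . wordwrap($post['msg'] ?? '', 70);

    // Headers are hard-coded: From is an address on our own domain, and the
    // visitor's address appears nowhere except the body built above.
    $headers = "From: webform@example.com\r\n"
             . "Content-Type: text/plain; charset=iso-8859-1\r\n";
    return ['to' => $recipient, 'subject' => 'Website Enquiry',
            'body' => $body, 'headers' => $headers];
}

$mailmsg = build_message($_POST, 'you@example.com');
if ($mailmsg === null) {
    header('HTTP/1.1 400 Bad Request');
    die('Invalid sender address.');
}
mail($mailmsg['to'], $mailmsg['subject'], $mailmsg['body'], $mailmsg['headers']);
header('Location: thanks.html');
exit;
```

Because the only header-bound strings are literals, a bot that stuffs newlines into any field can at worst get its own text mailed to you, never to a Bcc: list of its choosing.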

scoopydbc

6:47 am on Sep 18, 2005 (gmt 0)

Thanks for all the advice guys.

I will now expose my complete coding ineptitude by posting my script changes. If anybody could tell me of any schoolboy errors, again, I would be most grateful.

<?php
// $name, $theiraddr and $msg are assumed to come from the form fields, as in
// the original script; $name and $theiraddr are the values that end up in
// the From: header, so those are the ones that must be checked.
foreach (array($name, $theiraddr) as $value) {
    // Refuse the submission if a header-bound value contains a carriage
    // return or newline (eregi() was removed in PHP 7; preg_match() replaces it).
    if (preg_match('/[\r\n]/', $value)) {
        die("Yet another spam attempt thwarted!");
    }
}

$headers  = "From: $name <$theiraddr>\n";
$headers .= "Content-Type: text/plain; charset=iso-8859-1\n"; // sets the mime type
$recipient = "myemail@myemail";
$subject = "Website Enquiry";

$msg = wordwrap( $msg, 1024 );

mail($recipient, $subject, stripslashes($msg), $headers); // send exactly once

header("location: thanks.html"); // redirect only after the mail has been sent
exit;
?>

(sorry if this offends any programmers!)