I created a PHP mailer form that is going to three addresses. Two emails receive it and a third is Cc’d. It works beautifully. To get it that way I had to test it many times.
I am hosting the form on the www.1and1.com shared hosting plan.
Last night after multiple tests it seems some how the form is hijacked and all three recipients have recived several dozen emails from devnull@kundenserver.de with no message info or other form fields filled out.
My form has been only public for one day.
The only open Headers are the From: and the Reply-To: These both get their values from the form variable $email. I believe that I am recieving email injections at this point.
How can I prevent this from happening?
Should I contact my hosting company? Is there a way to limit the number of emails entered on the email text field of the form?
Any help would be appreciated.
