Strange happenings with aFormMail script

Discussion in 'Troubleshooting' started by janisz, Sep 13, 2005.

Thread Status:
Not open for further replies.
  1. janisz

    janisz New Member

    Joined:
    Sep 13, 2005
    Messages:
    1
    I've been using the aFormMail script on my site for quite some time now (located here), but in the past couple weeks, there have been strange things happening with it.

    I seem to be getting some bogus submissions from the form, an example of which is copied below. I get them in batches of about 6 at a time, and it has happened maybe 5 times now. The email looks similar to a normal submission, but has some extra mumbo-jumbo in it. Additionally, all the submissions are filled out as coming from a bogus address at my domain name.

    My questions are - is this at all malicious, and is there anything I can do to prevent this? I'm not very script-savvy, so please go easy on me. :)

    Btw, I've checked to be sure I have the latest version of the script, and I do. I'm happy to forward any of the examples, so please just ask.

    Any help would be much appreciated!! To sweeten the deal, I'll send a free CD of my band to whomever can help me solve the problem! :)

    -Janis

    Message example, including headers:

    Mime-Version: 1.0
    From: tkiuemcke@familygrooveco.com <tkiuemcke@familygrooveco.com>
    Content-Type: multipart/mixed;
    boundary="66091a985a56b172a275987641d8a0eb"
    Content-Disposition: inline
    Message-Id: <E1EEzmd-00040U-Hg@echo2.1oftheservers.net>
    Date: Mon, 12 Sep 2005 21:40:27 -0400
    X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
    echo2.1oftheservers.net
    X-Spam-Level:
    X-Spam-Status: No, score=-5.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
    autolearn=ham version=3.0.4

    This is a MIME-encapsulated message

    --66091a985a56b172a275987641d8a0eb
    Content-type: text/plain
    Content-Transfer-Encoding: 8bit

    The aFromMail form submitted:
    City ........: tkiuemcke@familygrooveco.com
    Name from....: tkiuemcke@familygrooveco.com
    Comments.....: tkiuemcke@familygrooveco.com
    Sign.........: tkiuemcke@familygrooveco.com
    Content-Type: multipart/mixed; boundary=\"===============1772143385==\"
    MIME-Version: 1.0
    Subject: a5929ff2
    To: tkiuemcke@familygrooveco.com
    bcc: jrubin3546@aol.com
    From: tkiuemcke@familygrooveco.com

    This is a multi-part message in MIME format.

    --===============1772143385==
    Content-Type: text/plain; charset=\"us-ascii\"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit

    kmqdjxw
    --===============1772143385==--
    Email from...: tkiuemcke@familygrooveco.com
    Promo?.......: tkiuemcke@familygrooveco.com

    --------------------
    REMOTE IP : 213.199.207.66
    DATE/TIME : 2005-09-12 21:40:27
    --66091a985a56b172a275987641d8a0eb--
  2. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    I'm sorry, but we don't provide any support for our free aFormMail script.
  3. aform user

    aform user New Member

    Joined:
    Sep 24, 2005
    Messages:
    1
    alex - I think that is a very poor reply to a very serious problem that I also had with using the aFormMail script on my sites.

    janisz isn't asking to help her figure out an input field or how to change the text in the subject line, they are pointing out a critical error that spammers are now using to exploit the script and send out spam mail.

    Rather than address what the issue is so people can continue to download and use the script you provide, once word gets out the script is spambait, who will continue to use it?

    I understand you don't provide support for a free product, but most people when they create scripts, if they find a malicious error, they address it by making a patch or releasing an updated version. Which isn't support.

    I'm just siding with janisz and for the record, once I came to the forum and found your dismissive reply, looked around for another script and found one that my hosting company uses and was already installed on my account.

    I'd advise janisz and others with this problem to do the same and wherever you guys are listed in script directories, I'll be sure to leave a note about my experience.

    Regards.
  4. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    We've launched a separate site for aFormMail here:
    http://www.php-form-mail.com/
    You can go to the forum or to the helpdesk on the aFormMail website and describe your problem.
    We don't provide support for our free scripts HERE.
  5. hockeybrad

    hockeybrad New Member

    Joined:
    Mar 13, 2006
    Messages:
    1
    Find this line of referrers and add this:

    // Allowed Referrers. Should be empty or list of domains
    $referrers = array("familygrooveco.com");

    I'm not sure if that will help you much, but it will ensure that bots can't spam your form from a remote script. They would have to actually come to your page and fill out the form and submit it.
  6. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    First, bots can easily pass you any referer, so there is no actual protection.

    However, there was a bug regarding this validation that is now fixed. Download
    aformmail.php and try again. I will close this thread, let's continue here:
    http://www.php-form-mail.com/forum/
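
The bogus submission quoted in the first post carries mail header lines (Content-Type, Subject, bcc) inside a form field, which a Referer check does not look at. The following is an added example, not aFormMail's code and not written by anyone in this thread: a PHP check a form handler can run on submitted fields before calling mail(). The function names and the sample data are hypothetical and constructed for illustration.

```php
<?php
// Added example (not aFormMail code). All function names are hypothetical.

// Values placed into mail headers (From, Subject, Reply-To) must be one line:
// any CR or LF would let the submitter start a header of their own.
function header_value_is_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

// Body fields may contain newlines, so instead look for lines that begin
// like mail headers, as in the "Sign" field of the message quoted above.
function looks_like_header_injection(string $value): bool
{
    $pattern = '/^[ \t]*(bcc|cc|to|from|subject|content-type|mime-version'
             . '|content-transfer-encoding)[ \t]*:/mi';
    return preg_match($pattern, $value) === 1;
}

// Returns the names of rejected fields; an empty array means nothing matched.
function check_submission(array $fields, array $headerFields): array
{
    $rejected = [];
    foreach ($fields as $name => $value) {
        $value = (string) $value;
        if (in_array($name, $headerFields, true) && !header_value_is_safe($value)) {
            $rejected[] = $name;
        } elseif (looks_like_header_injection($value)) {
            $rejected[] = $name;
        }
    }
    return $rejected;
}

// Constructed sample modelled on the shape of the quoted submission.
$post = [
    'email'    => 'user@example.com',
    'comments' => "Great show last night!\nSee you in October.",
    'sign'     => "user@example.com\nContent-Type: multipart/mixed; boundary=\"x\"\n"
                . "MIME-Version: 1.0\nSubject: test\nbcc: someone@example.net\n",
];

$bad = check_submission($post, ['email']);
echo $bad ? 'Rejected fields: ' . implode(', ', $bad) . "\n" : "Submission accepted\n";
```

A handler that gets a non-empty result should drop the submission without sending mail and log the remote IP and timestamp the script already records.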