Prevent PHP regex: someone is using myphpfile.php, maybe with their bot spammer script

Hi guys,

A few days ago my host said that one of my websites is sending large mail, which comes from a Senegal IP.

Here is what my host says:

There were another 16 mails in the queue this morning going to a very large number of recipients.

X-PHP-Script: www.domain.com/myphpfile.php for 111.222.333.444

That seems to be the source IP; they are more than likely injecting headers into the mail() being used in PHP. There are a few regexes and methods on the Internet, if you google, on how to prevent it.

myphpfile.php is the file for sending private messages (members get an email notification too for each private message) to another member on my site; you must be logged in to use that page.

Is there a way to prevent the myphpfile.php page from being accessed from another server, so that only real users can access the page? Maybe like preventing image hotlinking.

Please share your knowledge, guys.

You have a much bigger problem. Show us the source code.

It is a vBulletin or phpBB private message script. I already asked on the support forum, but this is a general PHP problem, so I am asking in the webmaster forum too.

Please share if anyone knows how to make the myphpfile.php page not usable by cross linking, allowed only for real users.

basketmen,

I agree that you probably have a larger problem - like compromise of your username/password (or a hole in the security of your code - check for updates after changing your username and password … and use a STRONG password!).

Regex? Certainly, if it’s merely a form problem, you should test that there are no commas in the TO field (delete the entire message if that’s the case).

Coming from the Apache forum, IF you’re using Apache, you can also block the IP address from accessing your website using mod_rewrite (but that can be spoofed so that would be, at best, a temporary fix).

Regards,

DK
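
The two checks mentioned in this thread (no injected header lines, no commas in the To field), sketched as an added example that is not part of the original posts and is not vBulletin or phpBB code. The function names and sample inputs are hypothetical, constructed for illustration:

```php
<?php
// Added example, not vBulletin/phpBB code. Function names and the sample
// inputs below are constructed for illustration.

// CR or LF inside a header value would let the sender start a new header line.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// One recipient only: no line breaks, no commas, and a syntactically valid address.
function is_safe_recipient(string $to): bool
{
    if (has_line_break($to) || strpos($to, ',') !== false) {
        return false;
    }
    return filter_var($to, FILTER_VALIDATE_EMAIL) !== false;
}

// Returns true only when every value that ends up in a mail header is clean.
function is_safe_message(string $to, string $subject, string $replyTo): bool
{
    return is_safe_recipient($to)
        && !has_line_break($subject)
        && is_safe_recipient($replyTo);
}

// Constructed test inputs: [to, subject, reply-to]
$samples = [
    ['member@example.com', 'New private message', 'sender@example.com'],
    ['a@example.com, b@example.com', 'New private message', 'sender@example.com'],
    ["member@example.com\r\nX-Injected: 1", 'New private message', 'sender@example.com'],
    ['member@example.com', "Hello\nX-Injected: 1", 'sender@example.com'],
];

foreach ($samples as [$to, $subject, $replyTo]) {
    $verdict = is_safe_message($to, $subject, $replyTo) ? 'send' : 'drop';
    // json_encode makes the embedded \r\n visible in the output
    echo $verdict, ' ', json_encode([$to, $subject]), PHP_EOL;
}
```

Run the check on every user-supplied value before it reaches mail(), and discard the whole message when it fails rather than trying to strip the offending characters.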