That seems to be the source IP. They are more than likely injecting headers into the mail() call being used in PHP. There are a few regexes and methods on the Internet, if you Google, on how to prevent it.
myphpfile.php is the file for sending a private message to another member on my site (the member gets an email notification too for each private message). You must be logged in to use that page.
Is there a way to prevent the myphpfile.php page from being accessed from another server, so that only real users can access the page? Maybe like preventing image hotlinking.
It is a vBulletin or phpBB private message script. I already asked on the support forum, but this is a general PHP problem, so I am asking in the webmaster forum too.
Please share if anyone knows how to make the myphpfile.php page not usable by cross-linking, only allowed for real users.
I agree that you probably have a larger problem - like compromise of your username/password (or a hole in the security of your code - check for updates after changing your username and password … and use a STRONG password!).
Regex? Certainly, if it’s merely a form problem, you should test that there are no commas in the TO field (delete the entire message if that’s the case).
Coming from the Apache forum, IF you’re using Apache, you can also block the IP address from accessing your website using mod_rewrite (but that can be spoofed so that would be, at best, a temporary fix).
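
The checks suggested in the replies above (reject header breaks, reject commas in the TO field, drop the whole message on failure) could look like the following. This is an added example, not code from any poster and not the vBulletin or phpBB script; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example: function names and sample inputs are constructed.

/** True if the value contains a character that could start a new mail header. */
function has_header_break(string $value): bool
{
    // CR, LF and NUL; PHP has already URL-decoded form data by this point.
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Accept exactly one syntactically valid address, otherwise return null. */
function clean_recipient(string $to): ?string
{
    // Commas and semicolons would turn one recipient into a list.
    if (has_header_break($to) || strpbrk($to, ',;') !== false) {
        return null;
    }
    $valid = filter_var(trim($to), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/** Accept a subject only if it cannot break out of the Subject header. */
function clean_subject(string $subject): ?string
{
    return has_header_break($subject) ? null : trim($subject);
}

// Constructed sample submissions: [to, subject]
$samples = [
    ['member@example.com', 'New private message'],
    ["member@example.com\r\nBcc: a@example.net", 'Hi'],
    ['a@example.com, b@example.net', 'Hi'],
    ['member@example.com', "Hi\nBcc: list@example.net"],
];

foreach ($samples as [$to, $subject]) {
    $okTo = clean_recipient($to);
    $okSubject = clean_subject($subject);
    if ($okTo === null || $okSubject === null) {
        // Delete the entire message rather than trying to repair it.
        echo 'REJECTED: ' . json_encode([$to, $subject]) . "\n";
        continue;
    }
    // In the real page, mail($okTo, $okSubject, $body) would be called here.
    echo "OK: notification would go to $okTo\n";
}
```

Only the first sample passes; the other three are dropped before any mail() call is reached.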