Last night someone tried to send mail from my contact form. I received several emails with a spoofed address at my domain. I checked the access log and someone had sent it from the contact page. I use a static index.html page with an HTML form using . The $mailto = 'firstname.lastname@example.org'; is in the PHP file (not in the index.html page). They sent out several emails, one with a bcc to someone at aol.com (no surprise there), all with a spoofed email address @mydomain.com.
I have taken down the form but wonder if someone would please fill me in on how this person was able to do this. When I try to send from the command line nothing happens and it automatically reloads the contact/index.html page. What can I do to prevent someone from doing this? Obviously, I'm a bit upset since I thought PHP was the way to go with forms these days.
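
An added example, not part of the original post and not the poster's script: an extra Bcc recipient and a forged sender are what a form handler produces when a submitted field is copied into the mail headers without a check for line breaks. The post does not show the PHP file, so that cause is an assumption, as are the field names (`name`, `email`, `message`) and the `webform@example.org` sender in this handler, which rejects such input.

```php
<?php
// Added example. Field names and MAIL_FROM are assumptions; needs PHP 7.2+ (array headers).
const MAIL_TO   = 'firstname.lastname@example.org'; // recipient stays fixed server-side
const MAIL_FROM = 'webform@example.org';            // constructed placeholder sender

// True when a value contains CR, LF or NUL, i.e. could start a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns [subject, body, headers] for mail(), or null when the input is rejected.
function build_contact_mail(array $post): ?array
{
    foreach (['name', 'email', 'message'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null; // missing field, or an array such as name[]=x
        }
    }
    $name  = $post['name'];
    $email = $post['email'];
    // Anything that ends up in a header must be exactly one line.
    if (has_header_break($name) || has_header_break($email)) {
        return null;
    }
    if ($name === '' || strlen($name) > 100
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The visitor's address goes only into Reply-To; From is never user-controlled.
    $headers = [
        'From'         => MAIL_FROM,
        'Reply-To'     => $email,
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    $message = str_replace(["\r\n", "\r"], "\n", $post['message']);
    $body    = "Sender: $name <$email>\n\n" . wordwrap($message, 70, "\n");
    return ['Contact form message', $body, $headers];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a normal submission, then one with a header line in "email".
    $ok  = ['name' => 'Ann', 'email' => 'ann@example.com', 'message' => 'Hello'];
    $bad = ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: x@example.net", 'message' => 'Hello'];
    var_dump(build_contact_mail($ok) !== null, build_contact_mail($bad) === null);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $mail = build_contact_mail($_POST);
    if ($mail === null) { http_response_code(400); exit('Invalid input.'); }
    mail(MAIL_TO, $mail[0], $mail[1], $mail[2]);
}
```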