sandsmuseum
05-30-2006, 04:37 PM
I found out about email form hijacking and had a couple of questions. Email Form hijacking is when spammers use your email form to send out spam emails. They hack the address by adding carriage return line feeds, adding huge BCC to your outgoing email.
http://www.anders.com/projects/sysadmin/formPostHijacking/
My website was using a PHP script written by my son as an exercise for learning programming. It hid the To: email address but did not do anything to stop the hacking. I have since added NateMail to include the feedback function on my site.
So my questions:
How would I have known if spammers were using this "feature" to send out spam? I did not receive any spam addressed to my web response address.
Which logs or other information from my website might indicate something is amiss? Are the wonderful people at Alpha Omega monitoring outgoing email traffic and would they inform me of unusual activity?
Assuming there are other security holes, how will we know when the next hole is exploited?
Finally, assuming I have done a good job with my email form, how might I test it to make sure it is working as advertised?
Nothing urgent above, just curious...
Michael
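The two practical questions in the post (how to detect abuse in the logs, and how to test that a form rejects header injection) can be answered with a small script. The following is an added example and not code from the post, from NateMail, or from the hosting provider: it rejects any form value carrying a carriage return, line feed, NUL or their URL-encoded forms before it reaches a mail header, insists that the reply address is a single address rather than a comma-separated list, and counts POSTs to the form handler per client in Apache-style access-log lines. The handler path `/contact.php`, the threshold of five POSTs, the log lines, and the field names `name`, `email` and `subject` are all assumptions made for the example.

```python
import re
from collections import Counter

# Anything that can end a mail header line must never come from the form.
# Covers raw CR/LF, NUL, and the URL-encoded %0A / %0D variants.
HEADER_INJECTION = re.compile(r'[\r\n\x00]|%0[ad]', re.IGNORECASE)

# One address only: no whitespace, commas or semicolons, so a BCC-style
# list cannot be smuggled in through the reply-address field.
SINGLE_ADDRESS = re.compile(r'[^@\s,;]+@[^@\s,;]+\.[A-Za-z]{2,}')

def header_field_is_safe(value: str) -> bool:
    """True if the value can be placed in a mail header without injection."""
    return not HEADER_INJECTION.search(value)

def validate_form(fields: dict) -> list:
    """Return the names of fields that must cause the submission to be refused.

    An empty list means the submission is acceptable for the mail headers.
    Field names are an assumption of this example.
    """
    bad = []
    for name in ("name", "email", "subject"):
        if not header_field_is_safe(fields.get(name, "")):
            bad.append(name)
    if not SINGLE_ADDRESS.fullmatch(fields.get("email", "")) and "email" not in bad:
        bad.append("email")
    return bad

# Apache/NCSA common log format; only POST requests are of interest here,
# since that is how the form handler is invoked.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "POST (\S+) [^"]*" (\d{3})')

# Constructed sample: one client posting to the form six times in a minute,
# one normal visitor. Addresses are from the documentation ranges.
SAMPLE_LOG = """\
203.0.113.9 - - [30/May/2006:16:37:01 -0400] "POST /contact.php HTTP/1.1" 200 512
203.0.113.9 - - [30/May/2006:16:37:03 -0400] "POST /contact.php HTTP/1.1" 200 512
203.0.113.9 - - [30/May/2006:16:37:05 -0400] "POST /contact.php HTTP/1.1" 200 512
198.51.100.4 - - [30/May/2006:16:37:10 -0400] "GET /index.html HTTP/1.1" 200 2048
203.0.113.9 - - [30/May/2006:16:37:12 -0400] "POST /contact.php HTTP/1.1" 200 512
198.51.100.4 - - [30/May/2006:16:37:40 -0400] "POST /contact.php HTTP/1.1" 200 512
203.0.113.9 - - [30/May/2006:16:37:44 -0400] "POST /contact.php HTTP/1.1" 200 512
203.0.113.9 - - [30/May/2006:16:37:58 -0400] "POST /contact.php HTTP/1.1" 200 512
"""

def post_counts(log_text: str, handler: str = "/contact.php") -> Counter:
    """Number of POST requests to the form handler, keyed by client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group(2) == handler:
            counts[m.group(1)] += 1
    return counts

def suspicious_clients(log_text: str, handler: str = "/contact.php",
                       threshold: int = 5) -> list:
    """Clients that posted to the form at least `threshold` times (assumed cutoff)."""
    return sorted(ip for ip, n in post_counts(log_text, handler).items()
                  if n >= threshold)

if __name__ == "__main__":
    print("clean submission:", validate_form(
        {"name": "Michael", "email": "michael@example.com", "subject": "Feedback"}))
    print("injected subject:", validate_form(
        {"name": "Michael", "email": "michael@example.com",
         "subject": "Feedback\r\nX-Injected: 1"}))
    print("POSTs per client:", dict(post_counts(SAMPLE_LOG)))
    print("worth a look:", suspicious_clients(SAMPLE_LOG))
```

A clean submission returns an empty list, a subject carrying a line break is reported, and the log scan singles out the one client hammering the handler. To test a live form, submit values that contain a line break or a comma-separated address list through the real form and confirm that the handler refuses them and that no message with extra headers or recipients arrives; the regular expressions above are the same checks, run offline. In the logs, a burst of POSTs to the handler from one address, or POSTs with no preceding GET of the page that contains the form, is the pattern worth watching, and the outgoing mail log (if the host exposes it) will show the unexpected recipient counts directly.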