PHP:

    // Header names that should never appear in a contact form field
    $badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "Bcc:", "Cc:", "To:");
    foreach ($_POST as $k => $v) {
        // strtolower() only accepts strings; array-valued fields are not checked here
        if (!is_string($v)) {
            continue;
        }
        foreach ($badStrings as $v2) {
            // Case-insensitive search for the header name in the submitted value
            if (strpos(strtolower($v), strtolower($v2)) !== false) {
                header("HTTP/1.1 403 Forbidden");
                exit();
            }
        }
    }

If your server supports PHP, then add this piece of code to the top of the form processing script. It will validate the POST data against the bad header injection strings and exit with a 403 Forbidden status code if it is found to be a header injection attack. Hope it helps.
I am using the form presented by my host, so I'm practically putting the form code in an HTML file. Can the code given be put in this HTML file, or should it be put in the processing file used by my host?
You should place this code in your PHP script and not in HTML. I guess your form processing script must be written in Perl. In such a case you will need to put in similar Perl code which performs the same action. Otherwise you should change the processing script to PHP. If it is a simple contact us form, please let me know. I can help you up to some extent.
Why don't you delete the contact form while you straighten this out? You can put up a notice, "form temporarily down for upgrade" or some such.
I've done this for some time, then I guess the spammer went, so I've put it up again. Now I'm simply trying to find ways to prevent it from happening again.
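An added example, not code from any poster in this thread: the string check from the first post combined with a line-break check and address validation, since a CR or LF in a single-line field is what lets submitted text begin a new mail header. The field names (name, email, subject, message) and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: field names below are assumed, not taken from the host's form.

// Same header strings as the check in the first post, lower-cased.
const BAD_STRINGS = ['content-type:', 'mime-version:', 'content-transfer-encoding:', 'bcc:', 'cc:', 'to:'];

/** Returns the reasons to reject a submission; an empty array means accept. */
function checkContactForm(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'subject', 'message'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[] = "$field: missing or not a string";
            continue;
        }
        $value = $post[$field];
        // Fields that end up in mail headers must be a single line.
        if ($field !== 'message' && preg_match('/[\r\n]/', $value)) {
            $errors[] = "$field: contains a line break";
        }
        // Case-insensitive search for the header strings, as in the first post.
        foreach (BAD_STRINGS as $bad) {
            if (stripos($value, $bad) !== false) {
                $errors[] = "$field: contains header string '$bad'";
                break;
            }
        }
    }
    // The sender address must also be syntactically valid.
    if (isset($post['email']) && is_string($post['email'])
        && filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return $errors;
}

// Constructed sample submissions, not real traffic.
$samples = [
    'normal'   => ['name' => 'Ann', 'email' => 'ann@example.com', 'subject' => 'Hello', 'message' => "Line one\nLine two"],
    'injected' => ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: list@example.net", 'subject' => 'Hello', 'message' => 'Hi'],
    'array'    => ['name' => ['x'], 'email' => 'ann@example.com', 'subject' => 'Hello', 'message' => 'Hi'],
];
foreach ($samples as $label => $post) {
    $errors = checkContactForm($post);
    echo $label, ': ', $errors ? 'reject (' . implode('; ', $errors) . ')' : 'accept', "\n";
}
```

In a form processing script, the function would be called with $_POST before any mail is sent, answering with the 403 response from the first post when the returned array is not empty.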