This is the 2nd time this has happened to me. The first time I was bit stupid in having the script named as a rather obvious "sendMail.php" in a folder called "forms". I renamed it something more cryptic like "itemAsk.php" and in a folder called "myAssets" and for months it was fine..

Yesterday I started getting hundreds of messages to my "[email protected]" all populated with giberish, tell-tale sign the script was being abused. I contacted my webhost support and told them there was a problem, their ever so helpful response was to tell me "your script itemAsk.php was sending spam and has now been disabled, please contact us should you have any other problems"!

Good eh?

The recipient var is hardcoded in the php script as "[email protected]" and to be honest I don't really know how I can stop the script being taken over, I still don't understand how it was done.

Anyone got any tips as to better protect it?

Thanks