Abuse of a PHP contact script


Znojmic
12-17-2006, 03:28 PM
Hi -

I have had a message today from my hosting company to tell me that one of the sites on my hosting account is having its PHP code abused. Apparently someone is manipulating the PHP code from the contact form to allow them to add Bcc addresses.

Any ideas on what I need to do to close this loophole?

Thanks.

hrethan
12-28-2006, 04:05 PM
Without seeing the contact form code I can't be sure. But nobody should be able to change the php code unless the file is world writable (check your file permissions). If I had to take a wild stab in the dark I'd wonder if one of the fields is allowing users to put Bcc: blah@blah.com, and the form code is just tossing that along. If that's the case, writing some code to strip that out should be pretty easy. HTH.
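
A sketch of the kind of check described in the reply above, as an added example that is not code from this thread or from the original contact form. The field names (`name`, `email`, `subject`, `message`) and the site addresses are assumptions. It rejects the submission instead of stripping, because any line break in a value headed for a mail header means the field is being used to add header lines such as `Bcc:`.

```php
<?php
// Added example; field names and addresses below are hypothetical.

// A value is safe for a mail header only if it has no CR, LF or NUL,
// since a line break is what lets a field append an extra "Bcc:" header.
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Returns [to, subject, body, headers] for mail(), or null to reject.
function build_contact_mail(array $post): ?array
{
    $clean = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $post[$field] ?? '';
        // Arrays (name[]=...) and values containing line breaks are refused.
        if (!is_string($value) || !is_header_safe($value)) {
            return null;
        }
        $clean[$field] = trim($value);
    }
    $message = $post['message'] ?? '';
    if (!is_string($message) || filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // From is a fixed site address; the visitor's address goes only in Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: " . $clean['email'];
    $body = "From: {$clean['name']} <{$clean['email']}>\n\n" . $message;
    return ['owner@example.com', $clean['subject'], $body, $headers];
}

// Constructed sample submissions: one normal, one with a Bcc line in the email field.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.com', 'subject' => 'Hello', 'message' => "Hi\nthere"],
    ['name' => 'Bob', 'email' => "bob@example.com\r\nBcc: blah@blah.com", 'subject' => 'Hi', 'message' => 'x'],
];
foreach ($samples as $post) {
    $mail = build_contact_mail($post);
    echo $post['name'], ': ', $mail === null ? 'rejected' : 'accepted', "\n";
    // On the live form: if ($mail !== null) { mail(...$mail); }
}
```

The message body may keep its line breaks because it is never placed in a header; only values that end up in the To, Subject or additional-headers arguments of `mail()` need this check.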