doogstar1

Thanks, that worked a treat, you are a champion!!

I got the below message from my ISP, can someone tell me the best way to stop URLS from being inserted into my site. Your help would be appreciated. I am a newbie to PHP, so you may need to spell it out for me. [i]Your website has been temporarily taken offline as it is being abused by spammers and used to send large amounts of spam to other users on the Internet. We have provided our analysis below to hopefully help your web developer(s) understand the problem and hopefully help fix your website. Basically, it seems that index.php and possibly other files allows inclusion of code from another site. The piece of PHP code in question from index.php has been provided below: ...[/i] <?php if(isset($_GET["content"])) { $page = $_GET["content"]; include_once("$page.htm"); } else { include_once("main.htm"); } ?> [i]Spammers are abusing this to include HTML e-mail forms hosted on a free webspace provider and using it to send mail messages to other users on the Internet. We have renamed index.php to index-old.php and provided an example of one form below: [a href=\"http://www.imark.com.au/index-old.p...ter/mailer.jpg\" target=\"_blank\"]http://www.imark.com.au/index-old.p...ter/mailer.jpg[/a]? We have also confirmed this by creating a small HTML file on one of our web servers and used your website to display it. This is shown in the link provided below: [a href=\"http://www.imark.com.au/index-old.p.../hawl/test.php\" target=\"_blank\"]http://www.imark.com.au/index-old.p.../hawl/test.php[/a]? Our suggestion would be to make modifications to this code so that it validates "content" making sure that it does not contain "http://....".[/i]