Pixelsize

xD!!! GOSH!!! WHAT AN OBVIOUS EXPLOIT, ye, I'll fix it right away - thank you all for your time... gosh, so obvious xD. Thank you all. Cya!

No login, no forms... this is all... They say they won't reactivate my account until I can ensure that the code has no security wholes :S So I can't do tests... But do you think anyone could just send e-mails by taking advantage of... what? a $_GET???

Hi there, I think this is the place where to post this question. At the webhosting I'm at, they keep suspending my webpage because my code is vulnerable to attacks. This is the code: [code]<? // Security patch against spam exploit // Provided by TangoWebs $badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:"); foreach($_POST as $k => $v){ foreach($badStrings as $v2){ if(strpos($v, $v2) !== false){ header("HTTP/1.0 403 Forbidden"); exit; } } } ?> <title>Heh I didn't wanna show the site's title xD sry xD</title> <link href="style.css" rel="stylesheet" type="text/css"> <?php // Variables $page=$_GET['page']; // Gets info // Display include "header.html"; // Shows Header if ($page=="") { $page="home"; } $page=$page . ".html"; include $page; include "footer.html"; ?>[/code] TangoWebs is the name of the webhosting company... they provided this code and asked me to put it, and they say hackers are still sending e-mails, mail bombing, or whatever... from my website. This is just one page, but they are all exactly same, just change on what directory to include. Thanks for your time, I hope anyone could see what I still can't. Cya!!  :D