Just curious... what would be the reason for going thru all the bcc and cc trouble? Why wouldn't the spammer just stick in a bunch of emails separated by commas and not worry about the "bcc" ?
In addition, the above article is a good reason to "turn off" any scripts that come "free" with your webhosting that you aren't using. We've gone in and renamed all of our "auto-responder" and formmail and wwwthreads scripts that our host "provides" as a service so that they no longer work. Many of these "free" scripts are old versions that have been hacked and exploited and are well known.
Also, also - filter out any script code (which I believe dbman does) from the input fields. I also limit all of my input tags using the "maxlength" attribute set to a realistic number, however I'm not so sure that'd work if being passed along in a URL instead of actually filling out the form.
In addition, the above article is a good reason to "turn off" any scripts that come "free" with your webhosting that you aren't using. We've gone in and renamed all of our "auto-responder" and formmail and wwwthreads scripts that our host "provides" as a service so that they no longer work. Many of these "free" scripts are old versions that have been hacked and exploited and are well known.
Also, also - filter out any script code (which I believe dbman does) from the input fields. I also limit all of my input tags using the "maxlength" attribute set to a realistic number, however I'm not so sure that'd work if being passed along in a URL instead of actually filling out the form.