OK no problem I'll stop offering my script here. But it's never been hijacked, fyi
The others, I believe, all have, at one point or another.
Sometimes efficiency is in simplicity. Since there's no recipient variable in my script, it's not possible to use it to send mail to anybody but the one recipient that's hardcoded into the script-right in the sendmail command.
All the others still use variables. If it's not protected in a private object, a var can be changed. Since perl is not OOP, you can't protect variables.
Best course of action, don't use one!
That's what I do.
I've already fooled both the latest formmail and BNB script. I'll demonstrate to the staff, if you like, how easy it is to fool these scripts. Once you're in, if the recipient is a variable, you're all set. Plug in 10, 100, 1000 recipients and you're off.
Seems what they've done is pile checkpoints into the script. What I've done is simply hardcode the simple recipient (with a couple important checkpoints also).
If someone manages to fool my script, the result is the single recipient will receive a spam message. One email sent