Hi Andrew,
I have installed phpformmail on two websites and I am receiving spam messages through both sites. One in particular is www.kazed.com.au, now someone has been on the site and made some updates and the form on the index page doesn't work. Yet the spam emails are coming through as if they have been through the site. I have renamed the original file, so perhaps the spammers are picking up on something else. I use the senders email in the reply field - would this have a bearing on the code being spammed?
I have an example email:
Below is the result of your feedback form. It was submitted by
Smith (clingo44@ya.ru) on October 30th, 2008 at 02:09PM (GMT +11).
realname: Smith
Phone: sAwmnziEoxWXudqXI
email: clingo44@ya.ru
Description: Really, cool: [list of links to same website - removed]
Could you post the full headers of the email. As far as I know, there are currently no exploits but I've got to hand it to the spammers, they're dedicated to finding them.