We recently became aware that there are users still using the old formmail.pl and PHP scripts to process
web forms which do not require CAPTCHA (http://en.wikipedia.org/wiki/CAPTCHA). This leaves large holes for
spam attacks and other exploitation on our servers so must be stopped completely.
One way to do this is by using a freely available PHP script called Securimage which provides CAPTCHA with
a PHP processing script which has the filled out CAPTCHA as a condition to process the form and send email.
Here is how:
For some reason the Knowledgebase Editor would not allow the inline code so the rest of the writeup is here: