BleepingComputer.com: My email form has been spammed, please help

Well the title really explains it but i have a email form on my site that goes to sendmail.php, all of that works fine but i have had over 1000s emails spamming my inbox with variatioms of this:

You have recived a contact form:

               Name: Acunetix

               E-Mail: sample@email.tst
               
               Enquiry: 111-222-1933email@address.tst and 1=0 --

The and 1=0 -- changes every time and i can only assume that it is trying to find a hole in my code with it, i have taken the php off for now but dose anyone know what i can do to stop it?

There is a website antispyware company called acunetix, a connection there?

Any help will be greatly appreciated.
Thanks, Wolfy87.

please provide the email headers and the sendmail.php code? Can't really check much with the info given...

Ok, but what are the email headers?

The PHP code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Flow Web Design - Contact</title>
<link rel="icon" href="./image/icon.png" type="image/x-icon" />
<link rel="shortcut icon" href="./image/icon.png" type="image/x-icon" /> 
<style type="text/css">
@import 'reset.css';
@import 'main.css';
</style>
</head>
<body>
<div id="wrapper">
 	<div id="main">
 	 <div id="curve_top">
 
 	 </div>
 	 <div id="header"></div>
 	 <div id="menu">
 	 <a href="./index.html"><ul class="menu_title">Home</ul></a>
 	 <a href="./portfolio.html"><ul class="menu_title">Portfolio</ul></a>
 	 <a href="./webapps.html"><ul class="menu_title">Web Apps</ul></a>
 	 <a href="./login.html"><ul class="menu_title">Login</ul></a>
 	 <a href="./contact.html"><ul class="menu_title" id="last">Contact</ul></a>
 	 </div>
 	 <div id="title">
 	 <p class="title">
 	 Contact >>
 	 </p>
 	 </div>
 	 <div id="content">
 	 <p class="content">
 	 <?
 	 function checkOK($field)
 	 {
 	 if (eregi("\r",$field) || eregi("\n",$field)){
 	 die("Invalid Input!");
 	 }
 	 }
 	 $name=$_POST['name'];
 	 checkOK($name);
 	 $email=$_POST['email'];
 	 checkOK($email);
 	 $enquiry=$_POST['enquiry'];
 	 checkOK($enquiry);
 	 $to="info@flowwebdesign.co.uk";
 	 $message="You have recived a contact form:\n
 	 Name: $name\n
 	 E-Mail: $email\n
 	 Enquiry: $enquiry\n";
 	 if(mail($to,"Contact form",$message,"From: $email")) {
 	 echo "Your enquiery has been sent successfully.";
 	 } else {
 	 echo 'There was a problem sending the enquiery. Either try again or contact me with this problem at <a href="mailto:info@REDACTED.co.uk">
 	 info@REDACTED.co.uk</a>.';
 	 }
 	 ?>
 	 <br /><a href="./index.html">Return to Homepage</a>
 	 </p>
 	 </div>
 	 <div id="curve_bottom"></div>
 	</div>
</div>
</body>
</html>

Thanks so much

How to view email headers

@ AA - You seem to have missed one of the email addresses in the code at the $to section...

Right I sent an email to Acunetix asking was it there program scanning my site, they said yes but it is not them doing it, they probably have a cracked version, so i sort of know whos doing it...not them, just somone using there program, here is one of the email headers:

Return-path: <flowwebdesign.co.uk@web178.extendcp.co.uk>
Envelope-to: info@flowwebdesign.co.uk
Delivery-date: Fri, 28 Aug 2009 23:30:13 +0100
Received: from web178.extendcp.co.uk ([79.170.40.178])
	by mail75.extendcp.com with esmtp (Exim 4.69)
	id 1Mh9xV-0006wK-AV
	for info@flowwebdesign.co.uk; Fri, 28 Aug 2009 23:30:13 +0100
Received: from web178.extendcp.co.uk (web178.extendcp.co.uk [127.0.0.1])
	by web178.extendcp.co.uk (8.14.3/8.13.1) with ESMTP id n7SMHppG019598
	for <info@flowwebdesign.co.uk>; Fri, 28 Aug 2009 23:17:51 +0100
Received: (from flowwebdesign.co.uk@localhost)
	by web178.extendcp.co.uk (8.14.3/8.14.3/Submit) id n7SMHpse019593;
	Fri, 28 Aug 2009 23:17:51 +0100
Date: Fri, 28 Aug 2009 23:17:51 +0100
From: "flowwebdesign.co.uk" <flowwebdesign.co.uk@web178.extendcp.co.uk>
Message-Id: <200908282217.n7SMHpse019593@web178.extendcp.co.uk>
To: info@flowwebdesign.co.uk
Subject: Contact form

I think my best bet is to put some sort of protection on the form like and image word validation, i dont know why they want to hack it anyway there are no details on there ets :S

Because by compromising an improperly configured mail server, they can then in turn use it to send out other spam emails. that will work for a bit until your ISP determines that there is an unusual amount of traffic coming from your server, and they will disconnect your service.

Right i see, thanks
And have i posted the right thing, are they the email headers?

Thanks

The email headers don't really help, should have known this, sorry! (silly me forgot you are using a form... so all the emails are coming from your webserver...)

I agree putting something like a captcha into your form may help

One i have used in the past: http://recaptcha.net/whyrecaptcha.html

I would also suggest removing your email address from the samples you have provided...

Thank you very much for your help, i will get right on it.

Thanks again, Wolfy87.

If you don't want to have the contact formyou canuse a free service which links to a site and its called www.xinbox.com take a look. Its free to sign up and its spam free email contact form. your email is displayed as a image so it can not be used by spam robots etc.

Thank you