Over the past 24 hours, I’ve been bombarded by bounced email that appears to have originated from my server. Turns out, there is a security flaw in the php script that RapidWeaver uses for its contact page so people have been exploiting it to send spam. Reading the message boards for the software shows that the authors knew about this about 1.5 weeks ago. It would have been nice for them to inform their users to turn this feature off until they can patch it. Even after they patch it, I’ll find another way to handle the contact page so I don’t have to deal with this again.