I have a customer with a classic ASP page with CDO mail script embedded in it.
The problem is that hackers are targeting the script and running it with a bogus call to the webpage and using it to spam the company with rubbish mail.
The calls to the script are being disguised as the companies own domain and IP address!
Is there an accepted way of securing an ASP script to stop it being run by outside sources (certificate, Windows Authorisation etc.)?
We are on Win 2012 with IIS7