Receiving incomprehensible emails

Dear colleagues,

I got several incomprehensible e-mails from a specific e-group I own, stating the following:

ZAP (not verified) (foo-bar@example.com) sent a message using the contact
form at https://my-web-site.web.cern.ch/contact.
*Message*
/etc/passwd

and some e-mails with this content:

ZAP (not verified) (foo-bar@example.com) sent a message using the contact
form at https://my-web-site.web.cern.ch/contact.
*Message*
c:/Windows/system.ini

I don’t understand the reason for these e-mails. Can anyone give me advice?

Best regards,
Ismael

Hi,

These email messages are sent by CERN’s security team. They have a tool that searches for unprotected contact forms from spam messages in CERN websites.

If you are receiving these emails it means that you have such a contact form in your website.

What you can do in case you don’t want the contact form:

  • If it is a form created by the contact module, go to Extend → then Uninstall tab → select the Contact module from the list and uninstall it.
  • If it is a form created by the webform module, go to Structure → Webforms and either delete the forms or Edit them → go to Settings → select Close form and Save.

What you can do in case you want to keep the contact form:

  • Install the Honeypot module (Drupal.org). Configure it so it protects all the forms and set the timer to 0. Then Save.
  • You can also install the CAPTCHA module (Drupal.org) and place a Captcha challenge into the form.

Kind regards,
Sotirios
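
The following is an added example, not part of the posts above and not the Honeypot module's own code: a Python sketch of the general honeypot technique (a hidden trap field plus an optional minimum-time check) applied to a contact form submission. The field name, secret, function names and sample submissions are assumptions constructed for illustration; in this sketch a timer of 0 switches off only the elapsed-time check.

```python
import hashlib
import hmac
import time

# All names and values here are hypothetical, chosen for this sketch.
SECRET = b"constructed-demo-key"   # would be a per-site secret
HONEYPOT_FIELD = "url"             # hidden with CSS; a person never fills it


def issue_token(now=None):
    """Return 'timestamp:mac', embedded in the form when it is rendered."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def check_submission(fields, min_seconds=0, now=None):
    """Return (accepted, reason) for a dict of submitted form fields."""
    # 1. Trap field: automated submitters tend to fill every input they find.
    if fields.get(HONEYPOT_FIELD, "") != "":
        return False, "honeypot field filled"
    # 2. The timestamp must carry our MAC, so it cannot be forged.
    ts, _, mac = fields.get("token", "").partition(":")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not (ts.isascii() and ts.isdigit()) or not hmac.compare_digest(
        mac.encode(), expected.encode()
    ):
        return False, "bad token"
    # 3. Optional timer: a limit of 0 disables this check only.
    elapsed = (time.time() if now is None else now) - int(ts)
    if min_seconds > 0 and elapsed < min_seconds:
        return False, "submitted too fast"
    return True, "ok"


if __name__ == "__main__":
    token = issue_token(now=1000)
    # Constructed submissions: one typed by a person, one filled by a tool.
    person = {"name": "A. User", "message": "Hello", "url": "", "token": token}
    tool = {k: "/etc/passwd" for k in ("name", "message", "url")}
    tool["token"] = token
    print(check_submission(person, now=1001))
    print(check_submission(tool, now=1001))
```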