Dear colleagues,
I got several incomprehensible e-mails from a specific e-group I own, stating the following:
ZAP (not verified) (foo-bar@example.com) sent a message using the contact
form at https://my-web-site.web.cern.ch/contact.
*Message*
/etc/passwd
and some e-mails with this content:
ZAP (not verified) (foo-bar@example.com) sent a message using the contact
form at https://my-web-site.web.cern.ch/contact.
*Message*
c:/Windows/system.ini
I don’t understand the reason for these e-mails. Can anyone give me advice?
Best regards,
Ismael
Hi,
These email messages are sent by CERN’s security team. They have a tool that searches for unprotected contact forms from spam messages in CERN websites.
If you are receiving these emails it means that you have such a contact form in your website.
What you can do in case you don’t want the contact form:
- If it is a form created by the contact module, go to Extend → then Uninstall tab → select the Contact module from the list and uninstall it.
- If it is a form created by the webform module, go to Structure → Webforms and either delete the forms or Edit them → go to Settings → select Close form and Save.
What you can do in case you want to keep the contact form:
- Install the module Honeypot | Drupal.org. Configure it so it protects all the forms and set the timer to 0. Then Save.
- You can also install the CAPTCHA | Drupal.org module and place a Captcha challenge into the form.
Kind regards,
Sotirios