Strange connections on my sites



Aliast

Good evening,

I installed a script on my landing pages to receive offers for my domain names by email. For the past 2 days I have been receiving several hundred emails because robots seem to be visiting my web pages.

I am used to seeing Googlebot and the other search engines, but here the host names of the IPs look suspicious to me. Examples (but the list is much longer):
  • nos-oignons.net
  • torservers.net
  • cloud.scaleway.com
  • torworld.org
  • tor-node.net
  • tor.openinternet.io

Do you have any idea what this phenomenon is? Do you think robots from the TOR network are trying to hack my sites or to squat my email sending server?
 
Why exactly are you receiving emails? Because bots are submitting a form?
Have you analysed the Apache (or other web server) log?
 
Yes, I suppose the bots are "submitting" my contact form.

As for statistics, Xiti does not seem to count these bots, but Webalizer goes from an average of 250 page views per day to 1100 page views per day on 13/14 April.

Maybe the Tor network has launched a search engine competing with Google that indexes the whole Web?
 
Contact form
=> does your script use PHPMailer?

If so, check carefully whether the installed version is vulnerable to the exploits reported a few months ago.

If it is, you are in for a server reinstall :(
 
It is possible that this is an exploitation attempt. That is why you need to look at the server logs (if you host the pages yourself).
The fact that it comes from Tor may be to anonymise the requests.
 
@Jerome: I searched the script that sends my form, as well as php info, and found no reference to PHPMailer.
So I suppose I am not using it?
For the record, the PHP script used is this one:
PERFECT • PHP E-mail Receive Form Electronic Content Text


@Kate: I managed to get hold of my logs (I am a poor network administrator lol); I have GET requests on my form.php file. Here are a few excerpts taken at random. But what conclusion should be drawn from them?

Access log:
65.19.167.134 - - [14/Apr/2017:02:16:14 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://maellys.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
106.120.173.156 - - [14/Apr/2017:02:17:59 +0200] "GET /robots.txt HTTP/1.1" 404 208 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
106.120.173.156 - - [14/Apr/2017:02:18:01 +0200] "GET / HTTP/1.1" 200 4671 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
165.231.0.242 - - [14/Apr/2017:02:18:41 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
165.231.0.242 - - [14/Apr/2017:02:18:42 +0200] "GET /form.php?Name=58f0155d04743&Company=Company&Email=hector.perez%40sevilleclassics.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
165.231.0.242 - - [14/Apr/2017:02:18:43 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
5.148.165.13 - - [14/Apr/2017:02:18:52 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
5.148.165.13 - - [14/Apr/2017:02:18:53 +0200] "GET /form.php?Name=58f0158060a0f&Company=Company&Email=heather.chandler62%40yahoo.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
5.148.165.13 - - [14/Apr/2017:02:18:54 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
79.124.59.194 - - [14/Apr/2017:02:20:20 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
79.124.59.194 - - [14/Apr/2017:02:20:20 +0200] "GET /form.php?Name=58f015bbb45b9&Company=Company&Email=givens7%40hotmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=dasker.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
79.124.59.194 - - [14/Apr/2017:02:20:23 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
45.62.248.47 - - [14/Apr/2017:02:22:54 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
45.62.248.47 - - [14/Apr/2017:02:22:55 +0200] "GET /form.php?Name=58f0165654b68&Company=Company&Email=jrubinic%40yahoo.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
45.62.248.47 - - [14/Apr/2017:02:22:56 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
80.240.139.111 - - [14/Apr/2017:02:23:43 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
80.240.139.111 - - [14/Apr/2017:02:23:43 +0200] "GET /form.php?Name=58f01683e0969&Company=Company&Email=marco.perrone15.06%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
80.240.139.111 - - [14/Apr/2017:02:23:44 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
173.234.234.221 - - [14/Apr/2017:02:24:23 +0200] "HEAD / HTTP/1.1" 200 - "http://uptime.com/www.lyncher.com" "Mozilla/5.0 (compatible; Uptimebot/1.0; +http://www.uptime.com/uptimebot)"
162.243.203.87 - - [14/Apr/2017:02:27:11 +0200] "GET /robots.txt HTTP/1.0" 404 208 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36/Nutch-1.13"
162.243.203.87 - - [14/Apr/2017:02:27:11 +0200] "GET / HTTP/1.0" 200 4672 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36/Nutch-1.13"
37.139.8.104 - - [14/Apr/2017:02:27:55 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
37.139.8.104 - - [14/Apr/2017:02:27:55 +0200] "GET /form.php?Name=58f0178351428&Company=Company&Email=nicopresov%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=melyna.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
37.139.8.104 - - [14/Apr/2017:02:27:56 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
199.249.223.65 - - [14/Apr/2017:02:29:13 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
199.249.223.65 - - [14/Apr/2017:02:29:15 +0200] "GET /form.php?Name=58f018124f432&Company=Company&Email=pookie13z%40hotmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=dasker.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
199.249.223.65 - - [14/Apr/2017:02:29:16 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
93.115.95.201 - - [14/Apr/2017:02:32:49 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
93.115.95.201 - - [14/Apr/2017:02:32:50 +0200] "GET /form.php?Name=58f018e7980e5&Company=Company&Email=gloria.donaubauer%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=dasker.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
93.115.95.201 - - [14/Apr/2017:02:32:50 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
46.183.216.205 - - [14/Apr/2017:02:33:03 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
46.183.216.205 - - [14/Apr/2017:02:33:04 +0200] "GET /form.php?Name=58f018c2362aa&Company=Company&Email=deannmarcy%40comcast.net&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=maellys.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://maellys.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
46.183.216.205 - - [14/Apr/2017:02:33:05 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://maellys.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
67.215.255.140 - - [14/Apr/2017:02:37:34 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
67.215.255.140 - - [14/Apr/2017:02:37:35 +0200] "GET /form.php?Name=58f01a2499277&Company=Company&Email=zoopers35%40ptd.net&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=dasker.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
67.215.255.140 - - [14/Apr/2017:02:37:38 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
220.181.108.152 - - [14/Apr/2017:02:40:14 +0200] "GET / HTTP/1.1" 200 4676 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
198.50.200.135 - - [14/Apr/2017:02:43:13 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
198.50.200.135 - - [14/Apr/2017:02:43:14 +0200] "GET /form.php?Name=58f01b1da6343&Company=Company&Email=fatmarmasoud%40yahoo.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=dasker.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
198.50.200.135 - - [14/Apr/2017:02:43:15 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
74.115.214.141 - - [14/Apr/2017:02:43:52 +0200] "HEAD / HTTP/1.1" 200 - "http://uptime.com/www.ishorny.com" "Mozilla/5.0 (compatible; Uptimebot/1.0; +http://www.uptime.com/uptimebot)"
93.115.95.202 - - [14/Apr/2017:02:45:51 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
157.55.39.85 - - [14/Apr/2017:02:46:27 +0200] "GET /function.include HTTP/1.1" 404 214 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
217.170.201.106 - - [14/Apr/2017:02:48:36 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
217.170.201.106 - - [14/Apr/2017:02:48:36 +0200] "GET /form.php?Name=58f01c9a8b02d&Company=Company&Email=jrubinic%40yahoo.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=dasker.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
217.170.201.106 - - [14/Apr/2017:02:48:37 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://dasker.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
87.118.126.150 - - [14/Apr/2017:02:48:58 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
87.118.126.150 - - [14/Apr/2017:02:48:58 +0200] "GET /form.php?Name=58f01cb0130b7&Company=Company&Email=sdilling17%40yahoo.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=melyna.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
87.118.126.150 - - [14/Apr/2017:02:48:59 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
213.32.55.247 - - [14/Apr/2017:02:50:51 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
213.32.55.247 - - [14/Apr/2017:02:50:52 +0200] "GET /form.php?Name=58f01ce211d8e&Company=Company&Email=karaikovice%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=melyna.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
213.32.55.247 - - [14/Apr/2017:02:50:52 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
178.175.131.194 - - [14/Apr/2017:02:51:18 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
178.175.131.194 - - [14/Apr/2017:02:51:19 +0200] "GET /form.php?Name=58f01d0923a1a&Company=Company&Email=irondrew92%40hotmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
178.175.131.194 - - [14/Apr/2017:02:51:20 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
163.172.190.34 - - [14/Apr/2017:02:52:12 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
163.172.190.34 - - [14/Apr/2017:02:52:12 +0200] "GET /form.php?Name=58f01d71d6d6e&Company=Company&Email=karaikovice%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=melyna.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
163.172.190.34 - - [14/Apr/2017:02:52:13 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
180.76.15.21 - - [14/Apr/2017:02:53:04 +0200] "GET / HTTP/1.1" 200 4676 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
195.154.215.89 - - [14/Apr/2017:02:53:05 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
195.154.215.89 - - [14/Apr/2017:02:53:05 +0200] "GET /form.php?Name=58f01dad093ff&Company=Company&Email=sharronhide%40yahoo.co.uk&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=melyna.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
195.154.215.89 - - [14/Apr/2017:02:53:06 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
150.70.172.237 - - [14/Apr/2017:02:53:09 +0200] "GET / HTTP/1.1" 200 4672 "-" "PycURL/7.19.7"
176.31.180.157 - - [14/Apr/2017:02:54:04 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
176.31.180.157 - - [14/Apr/2017:02:54:05 +0200] "GET /form.php?Name=58f01de4a2227&Company=Company&Email=cochranb84%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
176.31.180.157 - - [14/Apr/2017:02:54:06 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
180.76.15.21 - - [14/Apr/2017:02:54:39 +0200] "GET / HTTP/1.1" 200 4676 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
5.196.66.162 - - [14/Apr/2017:02:56:08 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
5.196.66.162 - - [14/Apr/2017:02:56:09 +0200] "GET /form.php?Name=58f01e1d75452&Company=Company&Email=gnzummo%40yahoo.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
5.196.66.162 - - [14/Apr/2017:02:56:10 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
61.146.178.190 - - [14/Apr/2017:02:56:15 +0200] "GET / HTTP/1.1" 200 4676 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11"
176.31.180.157 - - [14/Apr/2017:03:04:59 +0200] "GET / HTTP/1.1" 200 4667 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
176.31.180.157 - - [14/Apr/2017:03:05:00 +0200] "GET /form.php?Name=58f020339e695&Company=Company&Email=cochranb84%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=melyna.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
172.241.151.26 - - [14/Apr/2017:03:05:01 +0200] "HEAD / HTTP/1.1" 200 - "http://uptime.com/fendard.com" "Mozilla/5.0 (compatible; Uptimebot/1.0; +http://www.uptime.com/uptimebot)"
176.31.180.157 - - [14/Apr/2017:03:05:01 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://melyna.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
173.234.234.206 - - [14/Apr/2017:03:09:43 +0200] "HEAD / HTTP/1.1" 200 - "http://uptime.com/chaotique.com" "Mozilla/5.0 (compatible; Uptimebot/1.0; +http://www.uptime.com/uptimebot)"
176.10.107.180 - - [14/Apr/2017:03:13:40 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
176.10.107.180 - - [14/Apr/2017:03:13:41 +0200] "GET /form.php?Name=58f0227e90f25&Company=Company&Email=dacimino%40aol.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
176.10.107.180 - - [14/Apr/2017:03:13:42 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
31.185.104.19 - - [14/Apr/2017:03:15:19 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
108.61.122.88 - - [14/Apr/2017:03:15:19 +0200] "GET /form.php?Name=58f022e3853f7&Company=Company&Email=nicopresov%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=lyncher.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
108.61.122.88 - - [14/Apr/2017:03:15:20 +0200] "GET /thanks.html HTTP/1.1" 200 2024 "http://lyncher.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
193.15.16.4 - - [14/Apr/2017:03:16:34 +0200] "GET / HTTP/1.1" 200 4672 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
193.15.16.4 - - [14/Apr/2017:03:16:35 +0200] "GET /form.php?Name=58f02348ced3e&Company=Company&Email=cochranb84%40gmail.com&Offer=Offer+Amount%2A&Currency=&Comment=Comment&Domain=maellys.com&option1=&option2=&option3=& HTTP/1.1" 302 - "http://maellys.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
 
By correlating these logs with those of your mail server you should find that your script is being exploited to send spam.

I took a quick look at the PHP code, which is of very poor quality: no protection, no injection checks, no captcha ... Nothing.

My advice: get rid of that thing quickly before you get blacklisted by the whole planet :)
 
Are you thinking of an attack of this kind? ;)
PHP Email Injection Example

As for the phpmailer flaw, it actually concerns PHP's mail function (and its parameters). It is fairly technical but I am posting a link for those interested: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

I would indeed recommend using a more robust class, for example phpmailer now that the flaw is patched ;)
At a minimum, you need to sanitise the input...

Now examine the logs of your mail relay and also check on mxtoolbox.com whether your IP address is blacklisted.
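As an added example, not code from the thread or from the form script it names, tying together the two replies above ("correlate these logs with your mail server" and "sanitise the input"): a Python script that parses combined-format lines shaped like the posted excerpt, counts form.php submissions per IP and per user agent, notes that they arrive via GET rather than POST, and flags any field carrying a CR/LF, which is what mail-header injection needs and what a sanitiser must reject. The sample lines, IPs (TEST-NET ranges) and mailboxes are constructed for this example.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Apache "combined" log format, the layout of the excerpt posted above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Fields of one combined-format line as a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def form_params(path):
    """Decoded query fields of a /form.php request, or None for any other path."""
    parts = urlsplit(path)
    if parts.path != "/form.php":
        return None
    # keep_blank_values keeps empty fields such as Currency= visible
    return {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}

def has_header_injection(params):
    """True if any field carries a CR or LF, the ingredient of mail-header injection."""
    return any("\r" in v or "\n" in v for v in params.values())

def analyse(lines):
    """Summarise form.php traffic: which IPs submit, with which UA, GET or POST, injected or not."""
    report = {"submissions": 0, "get_submissions": 0, "by_ip": Counter(),
              "by_ua": Counter(), "emails": set(), "injected_ips": set()}
    for line in lines:
        rec = parse_line(line)
        params = form_params(rec["path"]) if rec else None
        if params is None:
            continue
        report["submissions"] += 1
        if rec["method"] == "GET":  # a browser sending the real form would POST
            report["get_submissions"] += 1
        report["by_ip"][rec["ip"]] += 1
        report["by_ua"][rec["ua"]] += 1
        report["emails"].add(params.get("Email", ""))
        if has_header_injection(params):
            report["injected_ips"].add(rec["ip"])
    return report

# Constructed sample (TEST-NET addresses, example.com mailboxes), shaped like the excerpt.
BOT_UA = "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
SAMPLE_LOG = [
    f'203.0.113.10 - - [14/Apr/2017:02:18:41 +0200] "GET / HTTP/1.1" 200 4672 "-" "{BOT_UA}"',
    f'203.0.113.10 - - [14/Apr/2017:02:18:42 +0200] "GET /form.php?Name=58f0155d04743&Company=Company'
    f'&Email=alice%40example.com&Offer=Offer+Amount%2A&Currency=&Domain=example.com& HTTP/1.1" 302 - "http://example.com/" "{BOT_UA}"',
    f'203.0.113.11 - - [14/Apr/2017:02:18:53 +0200] "GET /form.php?Name=58f0158060a0f&Email=bob%40example.org'
    f'&Domain=example.com& HTTP/1.1" 302 - "http://example.com/" "{BOT_UA}"',
    # one field carrying an encoded CRLF: exactly what a sanitiser must reject
    f'203.0.113.12 - - [14/Apr/2017:02:20:20 +0200] "GET /form.php?Name=58f015bbb45b9'
    f'&Email=carol%40example.net%0D%0AX-Injected%3A+1&Domain=example.com HTTP/1.1" 302 - "http://example.com/" "{BOT_UA}"',
    '198.51.100.5 - - [14/Apr/2017:02:27:11 +0200] "GET /robots.txt HTTP/1.0" 404 208 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"',
]

if __name__ == "__main__":
    r = analyse(SAMPLE_LOG)
    print(r["submissions"], "submissions via GET:", r["get_submissions"], "from", len(r["by_ip"]), "IPs; CR/LF from", sorted(r["injected_ips"]))
```

Run it against the real access log by replacing SAMPLE_LOG with the file's lines; one submission per IP, all with the same years-old user agent and all via GET, is the rotating-exit pattern the replies describe, and any IP in injected_ips is worth matching against the mail relay's log.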
 