[RCU] spam bot using roundcube possibility

Jim Pazarena roundcube at paz.bz
Thu Mar 17 22:53:00 CET 2011


I recently discovered a hacker (IP: 41.211.223.83)
ALL SHOULD BLACKLIST who signed on to my roundcube system
with login credentials of a legitimate user, and used
roundcube to send out 82 emails (junk "I have a proposal for
you") to hundreds of recipients EACH.

Spamming thousands of people!

I enforce SSL connectivity.

This felon logged in twice, @13:49 and 15:31. But without a
log OUT time, I can't tell if this felon sat there cutting
and pasting, or if was an automated attack.

Question: are there BOTS which can do this automatically?

This has me furious, and wonder just how anal I have to get
checking roundcube logins?

comments please!
-- 
List info: http://lists.roundcube.net/users/
BT/9b404e9e



More information about the users mailing list