[RCU] spam bot using roundcube possibility

Jim Pazarena roundcube at paz.bz
Thu Mar 17 22:53:00 CET 2011

I recently discovered a hacker (IP:
ALL SHOULD BLACKLIST who signed on to my roundcube system
with login credentials of a legitimate user, and used
roundcube to send out 82 emails (junk "I have a proposal for
you") to hundreds of recipients EACH.

Spamming thousands of people!

I enforce SSL connectivity.

This felon logged in twice, @13:49 and 15:31. But without a
log OUT time, I can't tell if this felon sat there cutting
and pasting, or if was an automated attack.

Question: are there BOTS which can do this automatically?

This has me furious, and wonder just how anal I have to get
checking roundcube logins?

comments please!
List info: http://lists.roundcube.net/users/

More information about the users mailing list