Hello,<br>
<br>
This is in regards to <a href="http://lists.roundcube.net/mail-archive/announce/2008-12/0000000.html" target="_blank">http://lists.roundcube.net/mail-archive/announce/2008-12/0000000.html</a><br><br>Let me know if this is the wrong venue, I was directed here by a forum moderator.<br>



<br>
I have several old versions of roundcube deployed for clients. Recently
two of them were compromised using this vulnerability. My fault for not
staying up to date, I think I even emailed myself the security update
bulletin just never did it.<br>

<br>

At any rate, the vulnerability was used to create an adware serving system.<br>

<br>

My real question is this, contained in the adware directory are some
large text files that I deduce the adware author used to rotate links
etc., these files contain links to other compromised roundcube sites.<br>

<br>

What would be the best way to go about the process of notifying these admins??<br>
<br>
Although this was several months ago, I just spot checked some of the links and they are still compromised.<br>
<br>
Thanks,<br>
<br>
Andy<br>