Hello,
This is in regards to http://lists.roundcube.net/mail-archive/announce/2008-12/0000000.html
Let me know if this is the wrong venue, I was directed here by a forum moderator.
I have several old versions of roundcube deployed for clients. Recently
two of them were compromised using this vulnerability. My fault for not
staying up to date, I think I even emailed myself the security update
bulletin just never did it.
At any rate, the vulnerability was used to create an adware serving system.
My real question is this, contained in the adware directory are some
large text files that I deduce the adware author used to rotate links
etc., these files contain links to other compromised roundcube sites.
What would be the best way to go about the process of notifying these admins??
Although this was several months ago, I just spot checked some of the links and they are still compromised.
Thanks,
Andy