Re: [RCD] Hacker Magnet

7 Apr 2009


      two hundred wrote:
...
Greetings,
My apologies for the "hit & run"  but why are hackers looking for 
roundcube on our server ?
I'm not concerned about our system per se, my question is what 
attracts hackers to roundcube ?
Thanks,
93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET 
/roundcube/CHANGELOG HTTP/1.1" 404 1012
93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET /mail/CHANGELOG 
HTTP/1.1" 404 997
93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET /webmail/CHANGELOG 
HTTP/1.1" 404 1006
93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET 
/roundcubemail/CHANGELOG HTTP/1.1" 404 1024
93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET /rcmail/CHANGELOG 
HTTP/1.1" 404 1003
93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET //CHANGELOG 
HTTP/1.1" 404 985
93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET /rc/CHANGELOG 
HTTP/1.1" 404 991
93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET /email/CHANGELOG 
HTTP/1.1" 404 1000
93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET /mail2/CHANGELOG 
HTTP/1.1" 404 1000
93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET /Webmail/CHANGELOG 
HTTP/1.1" 404 1006
93.190.138.51 - - [31/Mar/2009:04:25:36 -0400] "GET 
/components/com_roundcube/CHANGELOG HTTP/1.1" 404 1057
93.190.138.51 - - [31/Mar/2009:04:25:36 -0400] "GET 
/squirrelmail/CHANGELOG HTTP/1.1" 404 1021
93.190.138.51 - - [31/Mar/2009:04:25:36 -0400] "GET 
/vhcs2/tools/webmail/CHANGELOG HTTP/1.1" 404 1042
93.190.138.51 - - [31/Mar/2009:04:25:36 -0400] "GET /round/CHANGELOG 
HTTP/1.1" 404 1000
195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET 
/roundcube/CHANGELOG HTTP/1.1" 404 1012
195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET /mail/CHANGELOG 
HTTP/1.1" 404 997
195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET /webmail/CHANGELOG 
HTTP/1.1" 404 1006
195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET 
/roundcubemail/CHANGELOG HTTP/1.1" 404 1024
195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET /rcmail/CHANGELOG 
HTTP/1.1" 404 1003
195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET //CHANGELOG 
HTTP/1.1" 404 985
195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET /rc/CHANGELOG 
HTTP/1.1" 404 991
195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET /email/CHANGELOG 
HTTP/1.1" 404 1000
195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET /mail2/CHANGELOG 
HTTP/1.1" 404 1000
195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET /Webmail/CHANGELOG 
HTTP/1.1" 404 1006
195.207.15.79 - - [04/Apr/2009:05:14:20 -0400] "GET 
/components/com_roundcube/CHANGELOG HTTP/1.1" 404 1057
195.207.15.79 - - [04/Apr/2009:05:14:20 -0400] "GET 
/squirrelmail/CHANGELOG HTTP/1.1" 404 1021
195.207.15.79 - - [04/Apr/2009:05:14:20 -0400] "GET 
/vhcs2/tools/webmail/CHANGELOG HTTP/1.1" 404 1042
195.207.15.79 - - [04/Apr/2009:05:14:20 -0400] "GET /round/CHANGELOG 
HTTP/1.1" 404 1000
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET 
/roundcube/CHANGELOG HTTP/1.1" 404 1012
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /mail/CHANGELOG 
HTTP/1.1" 404 997
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /webmail/CHANGELOG 
HTTP/1.1" 404 1006
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET 
/roundcubemail/CHANGELOG HTTP/1.1" 404 1024
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /rcmail/CHANGELOG 
HTTP/1.1" 404 1003
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET //CHANGELOG 
HTTP/1.1" 404 985
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /rc/CHANGELOG 
HTTP/1.1" 404 991
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /email/CHANGELOG 
HTTP/1.1" 404 1000
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /mail2/CHANGELOG 
HTTP/1.1" 404 1000
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /Webmail/CHANGELOG 
HTTP/1.1" 404 1006
209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET 
/components/com_roundcube/CHANGELOG HTTP/1.1" 404 1057
209.160.64.61 - - [05/Apr/2009:20:36:03 -0400] "GET 
/squirrelmail/CHANGELOG HTTP/1.1" 404 1021
209.160.64.61 - - [05/Apr/2009:20:36:03 -0400] "GET 
/vhcs2/tools/webmail/CHANGELOG HTTP/1.1" 404 1042
209.160.64.61 - - [05/Apr/2009:20:36:03 -0400] "GET /round/CHANGELOG 
HTTP/1.1" 404 1000
It seems my users have same issue, and OS (centos 5.x) was hacked.
Their roundcube is 0.1.1-stable.
-- 
Best regards.

Zhang Huangbin

- Open Source Mail Server Solution for RHEL/CentOS 5.x:
  http://code.google.com/p/iredmail/

_______________________________________________
List info: http://lists.roundcube.net/dev/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [RCD] Hacker Magnet