Users February 2018

users@lists.roundcube.net

16 participants
15 discussions

Security issue (possible?) (was: RE: Unknown user in users table, very odd, possible security hole)
by Jorge Bastos 09 Feb '18

09 Feb '18

ALEC!!!!!!! There's some security problem in RC I believe! Check this: Feb 9 01:46:44 fastweb roundcube: <ibj96bvb> Successful login for donny(a)adhigunaputera.com (ID: 100412) from 110.136.11.0 in session ibj96bvbj5akqlt5slpc47ikfb This user doesn't belong to any of the IMAP accounts, how was he able to login? After the login, there's some login failed lines: Feb 9 02:47:27 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed for donny(a)adhigunaputera.com from 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=mail&_action=refresh) Feb 9 02:48:37 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed for donny(a)adhigunaputera.com from 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=mail&_action=refresh) Feb 9 02:49:47 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed for donny(a)adhigunaputera.com from 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=mail&_action=refresh (funny the IP is the network IP) What's the best place to move forward with investigation with this issue, here or dev list? Could you assist me on this? Thank you in advanced, From: users-bounces(a)lists.roundcube.net [mailto:users-bounces@lists.roundcube.net] On Behalf Of Hannu Hirvonen Sent: 8 de fevereiro de 2018 20:43 To: users(a)lists.roundcube.net Subject: Re: [RCU] Unknown user in users table, very odd, possible security hole On 08.02.2018 22:34, Jorge Bastos wrote: Not in there but you made me remind about: // Log successful/failed logins to <log_dir>/userlogins or to syslog That's why I said "something like ...", might have been a bit clearer, of course :-) -- Hannu Hirvonen (hh(a)uwasa.fi <mailto:hh@uwasa.fi> , http://www.uwasa.fi/~hh/) Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA, Finland

2 3

Re: [RCU] Unknown user in users table, very odd, possible security hole
by Hannu Hirvonen 08 Feb '18

08 Feb '18

On 08.02.2018 22:34, Jorge Bastos wrote: > > Not in there but you made me remind about: > > // Log successful/failed logins to <log_dir>/userlogins or to syslog > That's why I said "something like ...", might have been a bit clearer, of course :-) -- Hannu Hirvonen (hh(a)uwasa.fi, http://www.uwasa.fi/~hh/) Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA, Finland

1 0

Re: [RCU] Unknown user in users table, very odd, possible security hole
by Hannu Hirvonen 08 Feb '18

08 Feb '18

On 08.02.2018 22:06, Jorge Bastos wrote: > > That’s what i would like to do, but where would i find that information? > > In the users table isn’t there, or I’m not searching in the correct place. > Something like */var/log/roundcubemail/userlogins* perhaps? -- Hannu Hirvonen (hh(a)uwasa.fi, http://www.uwasa.fi/~hh/) Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA, Finland

2 1

Unknown user in users table, very odd, possible security hole
by Jorge Bastos 08 Feb '18

08 Feb '18

Howdy, I have a verrryyyyy odd thing happening. I have an user, unknown, that is in my users table, for a domain that isn't mine, and never was. This records keep's having last_login fields updated, so someway he's being able to login right? Odd to see that the field after the datetime fields (that is the failed_login_count) is zero, Is there any plugin or so to records the IP from which the logins are made? Where to search for this possible breach? Regards,

2 2

My roundcube email
by Sharon Canovali 07 Feb '18

07 Feb '18

Hi! I'm wondering if anyone can help me get my email straightened out. I've had challenges from the start and greatly fear I've lost business because it's the address on my business cards, but I am unable to receive ANY emails. The account is so clogged emails won't even load. I can't even clean it up, or do anything. 😔 I appreciate any help you can give. Thank you, so much.

4 5

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Users February 2018