But what about your mailbox users?
It's important to know if Roundcube was hacked or if a privileged user was used to send automatic e-mails.
It already happened to me that I received an e-mail from BSI (German Federal Office for Information Security) warning me about an online list which contained username and password credentials of mailbox users, some of them also sitting on my hosting server.
What if you block the affected user or change his mailbox password? What happens then? Do the hacks/attacks/automated mails stop?
On 2011-04-20 1:03 PM, Arthur Titeica wrote:
>>> comments please!
>
> On Thu, 17 Mar 2011 14:53:00 -0700, Jim Pazarena wrote:
>
>> I recently discovered a hacker (IP: 41.211.223.83)
>> ALL SHOULD BLACKLIST who signed on to my roundcube system
>> with login credentials of a legitimate user, and used
>> roundcube to send out 82 emails (junk "I have a proposal for
>> you") to hundreds of recipients EACH.
>>
>
> What roundcube version you have?
this was 0.5
I recently upgraded to 0.5.1
Incidentally, I found a SECOND roundcube 'hack'. Hundreds more
spam sent out thru roundcube.
What concerns me is that the attack seemed automated in that
the number of emails in the short time spam could not have
been injected manually. Suggesting a bot of some sort automatically
inserting the spam thru the web interface.
BT/86b78bab