ALEC!!!!!!!
There's some security problem in RC I believe!
Check this:
Feb 9 01:46:44 fastweb roundcube: <ibj96bvb> Successful login for donny@adhigunaputera.com (ID: 100412) from 110.136.11.0 in session ibj96bvbj5akqlt5slpc47ikfb
This user doesn't belong to any of the IMAP accounts, how was he able to login?
After the login, there's some login failed lines:
Feb 9 02:47:27 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed for donny@adhigunaputera.com from 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=mail&_action=refresh)
Feb 9 02:48:37 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed for donny@adhigunaputera.com from 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=mail&_action=refresh)
Feb 9 02:49:47 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed for donny@adhigunaputera.com from 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=mail&_action=refresh
(funny the IP is the network IP)
What's the best place to move forward with investigation with this issue, here or dev list?
Could you assist me on this?
Thank you in advanced,
From: users-bounces@lists.roundcube.net [mailto:users-bounces@lists.roundcube.net] On Behalf Of Hannu Hirvonen Sent: 8 de fevereiro de 2018 20:43 To: users@lists.roundcube.net Subject: Re: [RCU] Unknown user in users table, very odd, possible security hole
On 08.02.2018 22:34, Jorge Bastos wrote:
Not in there but you made me remind about:
// Log successful/failed logins to <log_dir>/userlogins or to syslog
That's why I said "something like ...", might have been a bit clearer, of course :-)