Hello,
Not sure if this is new to you but
213.96.25.30 - - [05/Mar/2009:19:22:14 +0100] "POST /roundcube/bin/html2text.php HTTP/1.0" 406
and as a result a non-empty directory /tmp/guestbook.ntr/ is created and a file /tmp/guestbook.php (which then causes issues with the operating system).
This html2text.php file has been used by an attacker on my system (at least I think so). I have removed roundcube from my system and since then I have had no trouble, although they have been scanning for this file as I read from the logs.
Yours,
Yes, we're aware of that and the security issue has been fixed back in December: http://lists.roundcube.net/mail-archive/users/2008-12/0000021.html
Also the 0.2-stable as well as the latest 0.2.1 release are not vulnerable to this anymore.
~Thomas
Zbigniew Szalbot wrote:
Hello,
Not sure if this is new to you but
213.96.25.30 - - [05/Mar/2009:19:22:14 +0100] "POST /roundcube/bin/html2text.php HTTP/1.0" 406
and as a result a non-empty directory /tmp/guestbook.ntr/ is created and a file /tmp/guestbook.php (which then causes issues with the operating system).
This html2text.php file has been used by an attacker on my system (at least I think so). I have removed roundcube from my system and since then I have had no trouble, although they have been scanning for this file as I read from the logs.
Yours,
List info: http://lists.roundcube.net/users/
-
Thomas Bruederli -
Zbigniew Szalbot