I recently discovered a hacker (IP: 41.211.223.83) ALL SHOULD BLACKLIST who signed on to my roundcube system with login credentials of a legitimate user, and used roundcube to send out 82 emails (junk "I have a proposal for you") to hundreds of recipients EACH.
Spamming thousands of people!
I enforce SSL connectivity.
This felon logged in twice, @13:49 and 15:31. But without a log OUT time, I can't tell if this felon sat there cutting and pasting, or if was an automated attack.
Question: are there BOTS which can do this automatically?
This has me furious, and wonder just how anal I have to get checking roundcube logins?
comments please!
List info: http://lists.roundcube.net/users/ BT/9b404e9e
On 03/17/2011 10:53 PM, Jim Pazarena wrote:
I recently discovered a hacker (IP: 41.211.223.83) ALL SHOULD BLACKLIST who signed on to my roundcube system with login credentials of a legitimate user, and used roundcube to send out 82 emails (junk "I have a proposal for you") to hundreds of recipients EACH.
Spamming thousands of people!
I enforce SSL connectivity.
This felon logged in twice, @13:49 and 15:31. But without a log OUT time, I can't tell if this felon sat there cutting and pasting, or if was an automated attack.
Question: are there BOTS which can do this automatically?
This has me furious, and wonder just how anal I have to get checking roundcube logins?
comments please!
How many user accounts were affected, or was it only one?
Have you got any log files on how your RoundCube install was compromised, or was it RC? Perhaps, it was mysql, or another vector?
Are sure that the user of the comprised account was not a victim of a virus/key-logger/phishing attack?
Regards.
-
Jim Pazarena -
JKL