Zbigniew Szalbot wrote: > hello, > > I strongly advise anyone who has the mail/roundcube port or software > installed to be careful as it has a security bug (and I do not know > where to report it). It allows people to remotely place a trojan on > /tmp and use it. They do it like this: > > 220.127.116.11 - - [05/Mar/2009:19:22:14 +0100] "POST > /roundcube/bin/html2text.php HTTP/1.0" 406 > and as a result a non-empty directory /tmp/guestbook.ntr/ is created > and a file /tmp/guestbook.php > > This html2text.php file has been used by an attacker on my system (at > least I think so). I have removed the port and since then I have had > no trouble, although they have been scanning for this file as I can > read in the logs. > > Yours, >
I have an eCommerce store and sometimes up to about two thirds of the script kiddie runs include a search for roundcube. So it is highly sought after active vulnerability for compromising web sites. I don't use it myself so it has no effect on my site, but I am seeing the traffic. -Mike _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"