I have had 3 users in the last 30 days that I know have their systems compromised by Roundcube. The most common method is by exploiting the html2text.php file which will allow a remote hacker to upload code to the system and create a cron job which will effectively give them complete access to the system.

I know we put a Roundcube installation script into Qmailtoaster-Plus due to user request, but I urge you to *not* use it unless you're on a closed system or want to fix the code yourself. I will be removing the Roundcube installation script from future releases of Qmailtoaster-Plus to avoid confusion and hate-mails to me and Eric.
Thanks.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to