I have had 3 users in the last 30 days that I know have their systems
compromised by Roundcube. The most common method is by exploiting the
html2text.php file which will allow a remote hacker to upload code to
the system and create a cron job which will effectively give them
complete access to the system.
I know we put a Roundcube installation script into Qmailtoaster-Plus due
to user request, but I urge you to *not* use it unless you're on a
closed system or want to fix the code yourself. I will be removing the
Roundcube installation script from future releases of Qmailtoaster-Plus
to avoid confusion and hate-mails to me and Eric.
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]