Re: [qmailtoaster] Roundcube exploit
senthil vel wrote: Dear Jake, Thanks for the information. But our clients are not satisfied with the SquirrelMail. As they are using gmail and yahoo interfaces, they expect more and more from us. Can you suggest some other webmail interfaces work properly with QMT. Some people like appearance more than performance. There are hundreds of other webmail packages out there. You can skin Squirrelmail and get the same look/feel of Roundcube. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Roundcube exploit
Dear Jake, You can skin Squirrelmail means , design a skin for squirrelmail? or there are skins available? because i really dont know PHP or such design languages. Thanks and Regards, S.Senthilvel, On Sat, Feb 14, 2009 at 5:45 PM, Jake Vickers j...@qmailtoaster.com wrote: senthil vel wrote: Dear Jake, Thanks for the information. But our clients are not satisfied with the SquirrelMail. As they are using gmail and yahoo interfaces, they expect more and more from us. Can you suggest some other webmail interfaces work properly with QMT. Some people like appearance more than performance. There are hundreds of other webmail packages out there. You can skin Squirrelmail and get the same look/feel of Roundcube. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Roundcube exploit
senthil vel wrote: Dear Jake, You can skin Squirrelmail means , design a skin for squirrelmail? or there are skins available? because i really dont know PHP or such design languages. Yes. You can either design your own or hire someone to do it for you. There are thousands of programmers out there looking for work in today's economy. You can continue to use Roundcube as well - it's your server. I was just making you aware that the version that Qmailtoaster-Plus downloads has a huge security hole and that your machine will probably be taken over by hackers if you continue to use it. It's up to you if you want to follow my advice or not. I do not know if the newer versions of Roundcube have the same exploit. I honestly don't have enough time to keep up with the security patches and fixes for their package. If you want to research this and let the list know, I'm sure they would all be grateful. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Roundcube exploit
Dear Jake, Thanks for the information. But our clients are not satisfied with the SquirrelMail. As they are using gmail and yahoo interfaces, they expect more and more from us. Can you suggest some other webmail interfaces work properly with QMT. Some people like appearance more than performance. Thanks and Regards, S.Senthilvel, On Sat, Feb 14, 2009 at 1:11 AM, Jake Vickers j...@qmailtoaster.com wrote: I have had 3 users in the last 30 days that I know have their systems compromised by Roundcube. The most common method is by exploiting the html2text.php file which will allow a remote hacker to upload code to the system and create a cron job which will effectively give them complete access to the system. I know we put a Roundcube installation script into Qmailtoaster-Plus due to user request, but I urge you to *not* use it unless you're on a closed system or want to fix the code yourself. I will be removing the Roundcube installation script from future releases of Qmailtoaster-Plus to avoid confusion and hate-mails to me and Eric. Thanks. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Roundcube exploit
If you are interested in spending some money take a look at the following: http://www.nutsmail.com/ Paul On Sat, 2009-02-14 at 10:58 +0530, senthil vel wrote: Dear Jake, Thanks for the information. But our clients are not satisfied with the SquirrelMail. As they are using gmail and yahoo interfaces, they expect more and more from us. Can you suggest some other webmail interfaces work properly with QMT. Some people like appearance more than performance. Thanks and Regards, S.Senthilvel, On Sat, Feb 14, 2009 at 1:11 AM, Jake Vickers j...@qmailtoaster.com wrote: I have had 3 users in the last 30 days that I know have their systems compromised by Roundcube. The most common method is by exploiting the html2text.php file which will allow a remote hacker to upload code to the system and create a cron job which will effectively give them complete access to the system. I know we put a Roundcube installation script into Qmailtoaster-Plus due to user request, but I urge you to *not* use it unless you're on a closed system or want to fix the code yourself. I will be removing the Roundcube installation script from future releases of Qmailtoaster-Plus to avoid confusion and hate-mails to me and Eric. Thanks. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Roundcube exploit
Of course we are using Nutsmail. Some people are complaining several bugs in it. The complaints are deadly stupid, but we cant neglect the voices of client, 1. The printable view does not having an option Print Button 2. Some mails contains an attachment named as 'untitled.txt'. But if the mails viewed from SquirrelMail, we cant find any attachments. Thanks and Regards, S.Senthilvel, On Sat, Feb 14, 2009 at 11:04 AM, Paul Zimdars pzimd...@sdsio-mail.jpl.nasa.gov wrote: If you are interested in spending some money take a look at the following: http://www.nutsmail.com/ Paul On Sat, 2009-02-14 at 10:58 +0530, senthil vel wrote: Dear Jake, Thanks for the information. But our clients are not satisfied with the SquirrelMail. As they are using gmail and yahoo interfaces, they expect more and more from us. Can you suggest some other webmail interfaces work properly with QMT. Some people like appearance more than performance. Thanks and Regards, S.Senthilvel, On Sat, Feb 14, 2009 at 1:11 AM, Jake Vickers j...@qmailtoaster.com wrote: I have had 3 users in the last 30 days that I know have their systems compromised by Roundcube. The most common method is by exploiting the html2text.php file which will allow a remote hacker to upload code to the system and create a cron job which will effectively give them complete access to the system. I know we put a Roundcube installation script into Qmailtoaster-Plus due to user request, but I urge you to *not* use it unless you're on a closed system or want to fix the code yourself. I will be removing the Roundcube installation script from future releases of Qmailtoaster-Plus to avoid confusion and hate-mails to me and Eric. Thanks. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com