I had the same situation several times... The problem was in the weak passwords where the username and the password was the same or almost the same.
Later I made a small changes in the password policy so the stupid users can't choose weak passwords (8chr min, at least one uppercase, one lowercase, one number).... On 04/21/2011 02:29 PM, Jim Pazarena wrote: > On 2011-04-20 1:03 PM, Arthur Titeica wrote: >> >> On Thu, 17 Mar 2011 14:53:00 -0700, Jim Pazarena wrote: >> >>> I recently discovered a hacker (IP: 41.211.223.83) >>> ALL SHOULD BLACKLIST who signed on to my roundcube system >>> with login credentials of a legitimate user, and used >>> roundcube to send out 82 emails (junk "I have a proposal for >>> you") to hundreds of recipients EACH. >>> >>> comments please! >> What roundcube version you have? > this was 0.5 > > I recently upgraded to 0.5.1 > > Incidentally, I found a SECOND roundcube 'hack'. Hundreds more > spam sent out thru roundcube. > > What concerns me is that the attack seemed automated in that > the number of emails in the short time spam could not have > been injected manually. Suggesting a bot of some sort automatically > inserting the spam thru the web interface. -- List info: http://lists.roundcube.net/users/ BT/8f4f07cd
