Re: [SM-USERS] "Undefined variable: charset" message s

2009.11.06 02:12 Andrew Daviel rašė: > > (in a previous version I hacked squirrelmail to stop these; I forget what > I did and now they're back after an update. Obviously it's better to get > the code fixed or find the underlying problem...) > > I get a ton of PHP warnings in https/ssl_error_log, v

Re: [SM-USERS] Logging users vs. ip address

On Thu, Nov 5, 2009 at 4:12 PM, Andrew Daviel wrote: > On Wed, 4 Nov 2009, Tomas Kuliavas wrote: > >>> I'm sure there's a better, more elegant way, probably already done by >>> someone - maybe "Squirrel Logger" plugin which I hadn't found when I >>> wrote this. But for what it's worth: > >> Your b

Re: [SM-USERS] "Undefined variable: charset" messages

On Thu, Nov 5, 2009 at 4:12 PM, Andrew Daviel wrote: > > (in a previous version I hacked squirrelmail to stop these; I forget what > I did and now they're back after an update. Obviously it's better to get > the code fixed or find the underlying problem...) > > I get a ton of PHP warnings in https

Re: [SM-USERS] SM in phishing attacks - obtaining passwords

On Nov 5, 2009, at 6:48 PM, Andrew Daviel wrote: > I was wondering what other admin's experience has been with > compromised > SM accounts, and how spammers are able to obtain passwords. Spear phishing... Your user gave it to them. Search for it in their Sent mail. I expect you'll find it in

Re: [SM-USERS] Forcing a logout (invalidating current session)

On Sat, 31 Oct 2009, Paul Lesniewski wrote: > On Fri, Oct 30, 2009 at 2:07 PM, Andrew Daviel wrote: >> >> We had a user account compromised somehow (bad guys got the password). >> >> The user has changed their password. >> How can I kick off any logged-in sessions and make sure they can't login >

Re: [SM-USERS] Logging users vs. ip address

On Wed, 4 Nov 2009, Tomas Kuliavas wrote: >> I'm sure there's a better, more elegant way, probably already done by >> someone - maybe "Squirrel Logger" plugin which I hadn't found when I >> wrote this. But for what it's worth: > Your both changes are added right after hook calls. There is no need

[SM-USERS] "Undefined variable: charset" messages

(in a previous version I hacked squirrelmail to stop these; I forget what I did and now they're back after an update. Obviously it's better to get the code fixed or find the underlying problem...) I get a ton of PHP warnings in https/ssl_error_log, viz. PHP Notice: Undefined variable: char

[SM-USERS] SM in phishing attacks - obtaining passwords

On Sat, 31 Oct 2009, Paul Lesniewski wrote: (re. Forcing a logout ) > You can (could have) stopped this almost right away with MTA > rate-limiting or by using the Restrict Senders plugin. The Squirrel > Logger plugin could also have alerted you to the problem. If the > attacker got the password