Re: [SM-USERS] Spam Sent from WebMail

2007-10-10 Thread Nick Bright
Tomas Kuliavas wrote: Installed Plugins 1. delete_move_next 2. squirrelspell 3. newmail 4. mpppolicygroup 5. quota_usage Available Plugins: 6. translate 7. compatibility 8. spamcop 9. sent_subfolders

Re: [SM-USERS] Spam Sent From WebMail

2007-10-09 Thread Nick Bright
Paul Lesniewski wrote: On 10/9/07, Nick Bright <[EMAIL PROTECTED]> wrote: Paul Lesniewski wrote: On 10/9/07, Ken A <[EMAIL PROTECTED]> wrote: Nick Bright wrote: Ken A wrote: Nick Bright wrote: Per some suggestions in the thread I was able to determine that they are not using

Re: [SM-USERS] Spam Sent From WebMail

2007-10-09 Thread Nick Bright
d user's password was compromised, but is there any way to mitigate this type of thing? I would appreciate any feedback regarding this topic and methods of mitigating damage done by compromised accounts. I will also answer any questions that may help develop a method of mitigation. - Nick Bright

Re: [SM-USERS] Spam Sent from WebMail

2007-10-09 Thread Nick Bright
Ken A wrote: Nick Bright wrote: Tomas Kuliavas wrote: Have you tried to protect your webmail traffic? Signed SSL certificate costs less than 20 USD. I'd expect they support SSL on their end, this probably wouldn't make any difference. The difference is that fewer passwords could

Re: [SM-USERS] Spam Sent from WebMail

2007-10-09 Thread Nick Bright
Paul Lesniewski wrote: On 10/9/07, Tomas Kuliavas <[EMAIL PROTECTED]> wrote: CentOS 4.5 w/ squirrelmail-1.4.8-4.0.1.el4.centos. Plugins are: CVE-2006-6142, CVE-2007-1262, CVE-2007-2589. Please note that html filtering functions must be patched to 1.4.10+ level. Having only 1.4.9a patches is not

Re: [SM-USERS] Spam Sent From WebMail

2007-10-09 Thread Nick Bright
Paul Lesniewski wrote: On 10/9/07, Ken A <[EMAIL PROTECTED]> wrote: Nick Bright wrote: Ken A wrote: Nick Bright wrote: Per some suggestions in the thread I was able to determine that they are not using "mailto.php", but rather compose.php: /var/log/httpd/access_log:196.1

Re: [SM-USERS] Spam Sent from WebMail

2007-10-09 Thread Nick Bright
ser, from what I can tell. They are using a valid username and password apparently culled from an infected PC somewhere. Have you tried to protect your webmail traffic? Signed SSL certificate costs less than 20 USD. I'd expect they support SSL on their end, this probably wouldn't

Re: [SM-USERS] Spam Sent From WebMail

2007-10-09 Thread Nick Bright
Ken A wrote: Nick Bright wrote: Ken A wrote: Nick Bright wrote: Per some suggestions in the thread I was able to determine that they are not using "mailto.php", but rather compose.php: /var/log/httpd/access_log:196.1.179.183 - - [07/Oct/2007:21:54:10 -0500] "GET /webmail/

Re: [SM-USERS] Spam Sent From WebMail

2007-10-09 Thread Nick Bright
Ken A wrote: Nick Bright wrote: Per some suggestions in the thread I was able to determine that they are not using "mailto.php", but rather compose.php: /var/log/httpd/access_log:196.1.179.183 - - [07/Oct/2007:21:54:10 -0500] "GET /webmail/src/compose.php?mail_sent=yes HTTP

Re: [SM-USERS] Spam Sent From WebMail

2007-10-09 Thread Nick Bright
like this is a bug or a security vulnerability in SM since a valid user's password was compromised, but is there any way to mitigate this type of thing? I would appreciate any feedback regarding this topic and methods of mitigating damage done by compromised accounts. I will also answer an