Nick Bright-2 wrote:
>
> My attempted suggestion was merely "hey, could this particular method be
> broken by changing part X". Your answer is obviously "No, it can't", so
> let's just leave it at that.
>
There are two ways to submit form information in HTML. POST and GET. GET is
not allowed
Tomas Kuliavas wrote:
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. mpppolicygroup
5. quota_usage
Available Plugins:
6. translate
7. compatibility
8. spamcop
9. sent_subfolders
Hello, Paul,
You (paul) wrote on 09.10.07:
> On 10/9/07, Paul Lesniewski <[EMAIL PROTECTED]> wrote:
>> On 10/9/07, Nick Bright <[EMAIL PROTECTED]> wrote:
>>> Paul Lesniewski wrote:
Please do NOT top-post and try to use correct reply quoting.
On 10/9/07, Brent <[EMAIL PROTECTED]>
>>> Installed Plugins
>>> 1. delete_move_next
>>> 2. squirrelspell
>>> 3. newmail
>>> 4. mpppolicygroup
>>> 5. quota_usage
>>>
>>> Available Plugins:
>>> 6. translate
>>> 7. compatibility
>>> 8. spamcop
>>> 9. sent_subfolders
>>> 10. check_quota
>>
>> Ver
On 10/9/07, Paul Lesniewski <[EMAIL PROTECTED]> wrote:
> On 10/9/07, Nick Bright <[EMAIL PROTECTED]> wrote:
> > Paul Lesniewski wrote:
> > > Please do NOT top-post and try to use correct reply quoting.
> > >
> > > On 10/9/07, Brent <[EMAIL PROTECTED]> wrote:
> > >> I had this exact issue. It ended
On 10/9/07, Nick Bright <[EMAIL PROTECTED]> wrote:
> Paul Lesniewski wrote:
> > Please do NOT top-post and try to use correct reply quoting.
> >
> > On 10/9/07, Brent <[EMAIL PROTECTED]> wrote:
> >> I had this exact issue. It ended up being one exploited account. The IP
> >> addresses connecting
>>On 10/9/07, Brent <[EMAIL PROTECTED]> wrote:
>> I had this exact issue. It ended up being one exploited account. The IP
>> addresses connecting to the account were from various APNIC blocks. I would
>> block one IP and it would move to another... suggesting that it was some
>> kind of bot - ho
Paul Lesniewski wrote:
On 10/9/07, Nick Bright <[EMAIL PROTECTED]> wrote:
Paul Lesniewski wrote:
On 10/9/07, Ken A <[EMAIL PROTECTED]> wrote:
Nick Bright wrote:
Ken A wrote:
Nick Bright wrote:
Per some suggestions in the thread I was able to determine that they are
not using "mailto.php",
Paul Lesniewski wrote:
Please do NOT top-post and try to use correct reply quoting.
On 10/9/07, Brent <[EMAIL PROTECTED]> wrote:
I had this exact issue. It ended up being one exploited account. The IP
addresses connecting to the account were from various APNIC blocks. I would
block one IP an
Nick Bright wrote:
> Ken A wrote:
>> Nick Bright wrote:
>>> Tomas Kuliavas wrote:
>>
Have you tried to protect your webmail traffic? Signed SSL certificate
costs less than 20 USD.
>>> I'd expect they support SSL on their end, this probably wouldn't make
>>> any difference.
>>
>> The diff
Brent wrote:
> I had this exact issue. It ended up being one exploited account. The IP
> addresses connecting to the account were from various APNIC blocks. I would
> block one IP and it would move to another... suggesting that it was some
> kind of bot - however, I added the captcha plugin and
Please do NOT top-post and try to use correct reply quoting.
On 10/9/07, Brent <[EMAIL PROTECTED]> wrote:
> I had this exact issue. It ended up being one exploited account. The IP
> addresses connecting to the account were from various APNIC blocks. I would
> block one IP and it would move to a
Ken A wrote:
Nick Bright wrote:
Tomas Kuliavas wrote:
Have you tried to protect your webmail traffic? Signed SSL certificate
costs less than 20 USD.
I'd expect they support SSL on their end, this probably wouldn't make
any difference.
The difference is that fewer passwords could easily be
On 10/9/07, Nick Bright <[EMAIL PROTECTED]> wrote:
> Paul Lesniewski wrote:
> > On 10/9/07, Ken A <[EMAIL PROTECTED]> wrote:
> >> Nick Bright wrote:
> >>> Ken A wrote:
> Nick Bright wrote:
>
> > Per some suggestions in the thread I was able to determine that they are
> > not using
Nick Bright wrote:
> Tomas Kuliavas wrote:
>> Have you tried to protect your webmail traffic? Signed SSL certificate
>> costs less than 20 USD.
>
> I'd expect they support SSL on their end, this probably wouldn't make
> any difference.
The difference is that fewer passwords could easily be stol
I had this exact issue. It ended up being one exploited account. The IP
addresses connecting to the account were from various APNIC blocks. I would
block one IP and it would move to another... suggesting that it was some
kind of bot - however, I added the captcha plugin and they kept logging in!
Paul Lesniewski wrote:
On 10/9/07, Tomas Kuliavas <[EMAIL PROTECTED]> wrote:
CentOS 4.5 w/ squirrelmail-1.4.8-4.0.1.el4.centos. Plugins are:
CVE-2006-6142, CVE-2007-1262, CVE-2007-2589. Please note that html
filtering functions must be patched to 1.4.10+ level. Having only 1.4.9a
patches is not
Paul Lesniewski wrote:
On 10/9/07, Ken A <[EMAIL PROTECTED]> wrote:
Nick Bright wrote:
Ken A wrote:
Nick Bright wrote:
Per some suggestions in the thread I was able to determine that they are
not using "mailto.php", but rather compose.php:
/var/log/httpd/access_log:196.1.179.183 - - [07/Oct
Tomas Kuliavas wrote:
CentOS 4.5 w/ squirrelmail-1.4.8-4.0.1.el4.centos. Plugins are:
CVE-2006-6142, CVE-2007-1262, CVE-2007-2589. Please note that html
filtering functions must be patched to 1.4.10+ level. Having only 1.4.9a
patches is not enough. If changelog says that CVE-2006-6142 is fixed,
Ken A wrote:
Nick Bright wrote:
Ken A wrote:
Nick Bright wrote:
Per some suggestions in the thread I was able to determine that they are
not using "mailto.php", but rather compose.php:
/var/log/httpd/access_log:196.1.179.183 - - [07/Oct/2007:21:54:10 -0500]
"GET /webmail/src/compose.php?mail
On 10/9/07, Tomas Kuliavas <[EMAIL PROTECTED]> wrote:
> > CentOS 4.5 w/ squirrelmail-1.4.8-4.0.1.el4.centos. Plugins are:
>
> CVE-2006-6142, CVE-2007-1262, CVE-2007-2589. Please note that html
> filtering functions must be patched to 1.4.10+ level. Having only 1.4.9a
> patches is not enough. If cha
On 10/9/07, Ken A <[EMAIL PROTECTED]> wrote:
> Nick Bright wrote:
> > Ken A wrote:
> >> Nick Bright wrote:
> >>
> >>> Per some suggestions in the thread I was able to determine that they are
> >>> not using "mailto.php", but rather compose.php:
> >>>
> >>> /var/log/httpd/access_log:196.1.179.183 -
> CentOS 4.5 w/ squirrelmail-1.4.8-4.0.1.el4.centos. Plugins are:
CVE-2006-6142, CVE-2007-1262, CVE-2007-2589. Please note that html
filtering functions must be patched to 1.4.10+ level. Having only 1.4.9a
patches is not enough. If changelog says that CVE-2006-6142 is fixed,
check functions/mime.p
Nick Bright wrote:
> Ken A wrote:
>> Nick Bright wrote:
>>
>>> Per some suggestions in the thread I was able to determine that they are
>>> not using "mailto.php", but rather compose.php:
>>>
>>> /var/log/httpd/access_log:196.1.179.183 - - [07/Oct/2007:21:54:10 -0500]
>>> "GET /webmail/src/compose.
Ken A wrote:
Nick Bright wrote:
Per some suggestions in the thread I was able to determine that they are
not using "mailto.php", but rather compose.php:
/var/log/httpd/access_log:196.1.179.183 - - [07/Oct/2007:21:54:10 -0500]
"GET /webmail/src/compose.php?mail_sent=yes HTTP/1.1" 200 37102
"htt
Sorry to reopen a thread, but I am seeing the same issue as the original
poster in this thread:
http://sourceforge.net/mailarchive/message.php?msg_id=c11d02530709050557ldb78519i4cdecd1ea08dc368%40mail.gmail.com
In that I am seeing spam sent through my SM install, packages are:
CentOS 4.5 w/ squi
Nick Bright wrote:
> Per some suggestions in the thread I was able to determine that they are
> not using "mailto.php", but rather compose.php:
>
> /var/log/httpd/access_log:196.1.179.183 - - [07/Oct/2007:21:54:10 -0500]
> "GET /webmail/src/compose.php?mail_sent=yes HTTP/1.1" 200 37102
> "http://
Fredrik Jervfors wrote:
Matt wrote:
On 9/7/07, Chris Hoogendyk <[EMAIL PROTECTED]> wrote:
Matt wrote:
Do you have any proof of a virus logging in? Couldn't it just be
plain ol' keyboard logging and the person who gets the logs
(not your intended
users) sends out the spam manually? It's tec
> Matt wrote:
>> On 9/7/07, Chris Hoogendyk <[EMAIL PROTECTED]> wrote:
>>> Matt wrote:
> Do you have any proof of a virus logging in? Couldn't it just be
> plain ol' keyboard logging and the person who gets the logs
> (not your intended
> users) sends out the spam manually? It's
>> If is an exploit to squirrelmail maybe a simple renaming mailto.php
>> mailtonew.php (and edit all references to mailto.php) can solve temporary
>> this
>> issue.
>
> What is this mailto.php vulnerability of which I've heard so much in
> this thread? Sounds like something rather nasty.
I gave
> If is an exploit to squirrelmail maybe a simple renaming mailto.php
> mailtonew.php (and edit all references to mailto.php) can solve temporary this
> issue.
What is this mailto.php vulnerability of which I've heard so much in
this thread? Sounds like something rather nasty.
> 2.Use the plugin
First:
This can happen for 2 reasons:
-keylogger into customer house.
-Vulnerabilities into squirrelmail.
You must work to determine what is happening.
If the customer has a keylogger, then the spammer has the data (password,
username). And you will have the same problem with all webmail progs. Un
On Friday, 7 September 2007 21:57, Paul Lesniewski wrote:
> On 9/7/07, Christian Schmitz <[EMAIL PROTECTED]> wrote:
> > First:
> > This can happen for 2 reasons:
>
> Many more than that.
>
> > -keylogger into customer house.
> > -Vulnerabilities into squirrelmail.
>
> - Non-SSL-encrypted
On 9/7/07, Christian Schmitz <[EMAIL PROTECTED]> wrote:
> First:
> This can happen for 2 reasons:
Many more than that.
> -keylogger into customer house.
> -Vulnerabilities into squirrelmail.
- Non-SSL-encrypted logins sniffed
- Vuln that sniffs login info stored in browser
- User mistakes like no
First:
This can happen for 2 reasons:
-keylogger into customer house.
-Vulnerabilities into squirrelmail.
You must work to determine what is happening.
If the customer has a keylogger, then the spammer has the data (password,
username). And you will have the same problem with all webmails progs. U
Matt wrote:
>> Do you have any proof of a virus logging in? Couldn't it just be plain ol'
>> keyboard logging and the person who gets the logs (not your intended
>> users) sends out the spam manually? It's technically possible to write a
>> program that logs in automatically, using any kind o
Matt wrote:
> On 9/7/07, Chris Hoogendyk <[EMAIL PROTECTED]> wrote:
>
>> Matt wrote:
>>
Do you have any proof of a virus logging in? Couldn't it just be plain ol'
keyboard logging and the person who gets the logs (not your intended
users) sends out the spam manually? It
On 9/7/07, Chris Hoogendyk <[EMAIL PROTECTED]> wrote:
>
>
> Matt wrote:
> >> Do you have any proof of a virus logging in? Couldn't it just be plain ol'
> >> keyboard logging and the person who gets the logs (not your intended
> >> users) sends out the spam manually? It's technically possible to
> Do you have any proof of a virus logging in? Couldn't it just be plain ol'
> keyboard logging and the person who gets the logs (not your intended
> users) sends out the spam manually? It's technically possible to write a
> program that logs in automatically, using any kind of mail interface -
>> or turn off login_auto functionality and block all requests to
>> src/mailto.php.
>
> src/mailto.php doesn't exist.
"src/mailto.php" is part of SquirrelMail since 1.4.5 and 1.5.0. The OP is
using 1.4.4.
Sincerely,
Fredrik
--
>> or turn off login_auto functionality and block all requests to
>> src/mailto.php.
>
> src/mailto.php doesn't exist.
>
> However, again we are chasing the straw man (is that the right term to
> use here?). I'm being told to upgrade because of security, etc, etc
> yet that's not the issue..
>
> > That has the
> > potential to make people very very upset... and is what gives a lot of
> > the Linux community a bad name.
>
> http://catb.org/~esr/faqs/smart-questions.html#keepcool
Ok.. that's fine.. as long as that's what you are operating under.. I
have no issues with that :)
--
>> If you use SquirrelMail 1.4.4 and turned off email modifications in
>> SquirrelMail configuration, you haven't disabled it.
>
> Why do you keep saying that? I've turned it off, and if I go into
> the settings... I definitely can not change the setting... how do you
> propose someone would chan
On 9/6/07, Matt <[EMAIL PROTECTED]> wrote:
> I'm not doubting that what Paul is suggesting, I'm trying to
> understand a little better.
>
> Also, just as an FYI, Paul when someone top posts or bottom posts
> or does anything else that isn't set in stone or law... it's probably
> better to just
I'm not doubting that what Paul is suggesting, I'm trying to
understand a little better.
Also, just as an FYI, Paul when someone top posts or bottom posts
or does anything else that isn't set in stone or law... it's probably
better to just let it go rather than go off about it. That has the
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Matt
> Sent: Thursday, September 06, 2007 3:06 PM
> Cc: squirrelmail-users@lists.sourceforge.net
> Subject: Re: [SM-USERS] Spam Sent From WebMail
>
> > If you use Squ
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Matt
> Sent: Thursday, September 06, 2007 3:10 PM
> Cc: squirrelmail-users@lists.sourceforge.net
> Subject: Re: [SM-USERS] Spam Sent From WebMail
>
> > or turn of
Removing thread context is not helpful.
> > or turn off login_auto functionality and block all requests to
> > src/mailto.php.
>
> src/mailto.php doesn't exist.
>
> However, again we are chasing the straw man (is that the right term to
> use here?). I'm being told to upgrade because of security,
> or turn off login_auto functionality and block all requests to
> src/mailto.php.
src/mailto.php doesn't exist.
However, again we are chasing the straw man (is that the right term to
use here?). I'm being told to upgrade because of security, etc,
etc yet that's not the issue.. the issue i
> "not upgraded due to various themes". If you haven't modified SquirrelMail
> scripts, upgrade path is simple. You just have to fix login page and
> reapply msg flags patches.
I'll try.. but I'm pretty sure our theme breaks when we try to
upgrade.. I know it definitely broke when we tried it on o
> If you use SquirrelMail 1.4.4 and turned off email modifications in
> SquirrelMail configuration, you haven't disabled it.
Why do you keep saying that? I've turned it off, and if I go into
the settings... I definitely can not change the setting... how do you
propose someone would change it?
-
> >> Please provide more information about your setup.
> >> 1. SquirrelMail version
> >
> > 1.4.4 (have not upgraded due to various themes, etc we have installed)
>
> please upgrade. http://www.squirrelmail.org/security/.
>
> or turn off login_auto functionality and block all requests to
> src/mail
>> Please provide more information about your setup.
>> 1. SquirrelMail version
>
> 1.4.4 (have not upgraded due to various themes, etc we have installed)
please upgrade. http://www.squirrelmail.org/security/.
or turn off login_auto functionality and block all requests to
src/mailto.php.
>
>> 2.
Freddie Cash wrote:
> On September 6, 2007 06:45 am John Hinton wrote:
>> Matt wrote:
>>> Thomas,
>>> Sorry about sending that directly to you. The SM mailing list is
>>> the only one I have to hit 'reply all' and then remove the TO: from
>>> to get it to go correctly. All other mailing lists I'
On September 6, 2007 06:45 am John Hinton wrote:
> Matt wrote:
> > Thomas,
> > Sorry about sending that directly to you. The SM mailing list is
> > the only one I have to hit 'reply all' and then remove the TO: from
> > to get it to go correctly. All other mailing lists I'm a member of,
> > if I
Matt wrote:
> Thomas,
> Sorry about sending that directly to you. The SM mailing list is the
> only one I have to hit 'reply all' and then remove the TO: from to get
> it to go correctly. All other mailing lists I'm a member of, if I hit
> 'reply' it will go back to the list, not the person who
Thomas,
Sorry about sending that directly to you. The SM mailing list is the
only one I have to hit 'reply all' and then remove the TO: from to get
it to go correctly. All other mailing lists I'm a member of, if I hit
'reply' it will go back to the list, not the person who sent the
message... an
> We haven't blocked that option, as we like to leave it open for the
> users. I'm just surprised no one else has had this problem...
> although I did see a post a few months ago with the same thing, but
> the person was told the same thing.
>
> At any rate, so it isn't forging the from address..
> Hi,
> Lately we've noticed an alarming trend of spam being sent out from our
> webmail server. It seems the new viruses will actually connect to
> the webmail server and log in as the user (saved username/password in
> internet explorer). It then sends e-mail from the user's webmail
> accoun
Do not top-post.
> > > Lately we've noticed an alarming trend of spam being sent out from our
> > > webmail server. It seems the new viruses will actually connect to
> > > the webmail server and log in as the user (saved username/password in
> > > internet explorer). It then sends e-mail from
Paul,
I saw this response to someone else (from you or another person). I'm
not sure why it seems so hard to believe the spammers are using
webmail. In this case they definitely are NOT forging headers.
1 - The headers are accounts that are valid on our system.
2 - When the accounts are terminat
On 9/5/07, Matt <[EMAIL PROTECTED]> wrote:
> Hi,
> Lately we've noticed an alarming trend of spam being sent out from our
> webmail server. It seems the new viruses will actually connect to
> the webmail server and log in as the user (saved username/password in
> internet explorer). It then se
Hi,
Lately we've noticed an alarming trend of spam being sent out from our
webmail server. It seems the new viruses will actually connect to
the webmail server and log in as the user (saved username/password in
internet explorer). It then sends e-mail from the user's webmail
account, but it do