
Squirrel Mail Vulnerable?

Discussion in 'E-mail Discussions' started by 4u123, Feb 4, 2007.

  1. 4u123

    Hi folks,

    CSF just picked up this...


    How did they manage to copy files into the /.sqmaildata/.pref/ directory?
     
  2. 4u123

    I'm very surprised there are no replies to this.

    Nobody concerned that their squirrel mail might be easily hacked into?
     
  3. katmai

    I am very surprised you do not run a proper firewall so that abnormal connections, bots that might get in, would be blocked.

    Second of all... no, because you did not provide us with any logs. First of all, how did those files get there? Apache logs, FTP logs, xfer logs, messages, domlogs.

    Without a proper investigation, how could you say that SquirrelMail is vulnerable?
     
  4. 4u123

    We don't run a hardware firewall for these servers because we find CSF perfectly adequate, just like lots of others.

    I checked the logs and couldn't find anything unusual.

    Why do you think I posted it here? I was looking for advice. ;)
     
  5. katmai

    Okay, the thing:

    Network connections by the process (if any):

    tcp: ip.ip.ip.ip:4000 -> 0.0.0.0:0
    tcp: ip.ip.ip.ip:58716 -> 208.99.193.130:6667

    If the firewall had been properly configured, then a network connection could not have been established by malicious software that might have been set on the server. At least this is what I do ...
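
An added example, not part of the thread and not CSF's own code: a Python sketch that parses connection lines in the format quoted above and flags listening sockets and outbound connections whose destination port is outside an egress allowlist, which is the check an outbound port filter applies. The allowlist, the function and type names, and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Assumed egress allowlist for a mail/web host (illustrative, not CSF's defaults).
ALLOWED_TCP_OUT = {25, 53, 80, 443, 587}

# Matches lines such as "tcp: 192.0.2.10:58716 -> 198.51.100.7:6667".
# The address part is kept loose so redacted values like "ip.ip.ip.ip" still parse.
LINE_RE = re.compile(
    r"^\s*(?P<proto>tcp):\s*(?P<laddr>\S+):(?P<lport>\d+)\s*->\s*"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s*$"
)


class Finding(NamedTuple):
    kind: str        # "listener" or "egress"
    proto: str
    local_port: int
    remote: str      # "addr:port", empty for listeners


def review_connections(report: str, allowed_out=ALLOWED_TCP_OUT) -> list[Finding]:
    """Flag listeners and outbound connections to ports outside the allowlist."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line, or anything that is not a connection line
        lport, rport = int(m["lport"]), int(m["rport"])
        if m["raddr"] == "0.0.0.0" and rport == 0:
            # A remote of 0.0.0.0:0 means no peer: the process is listening on lport.
            findings.append(Finding("listener", m["proto"], lport, ""))
        elif rport not in allowed_out:
            findings.append(Finding("egress", m["proto"], lport, f"{m['raddr']}:{rport}"))
    return findings


# Constructed sample in the format of the report quoted in the thread.
SAMPLE = """\
Network connections by the process (if any):

tcp: 192.0.2.10:4000 -> 0.0.0.0:0
tcp: 192.0.2.10:58716 -> 198.51.100.7:6667
tcp: 192.0.2.10:41522 -> 198.51.100.9:443
"""

if __name__ == "__main__":
    for finding in review_connections(SAMPLE):
        print(finding)
```
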
     