Re: [RCD] Hacker Magnet

Mon, 06 Apr 2009 19:43:40 -0700 

two hundred wrote:
> Greetings,
>
> My apologies for the "hit & run"  but why are hackers looking for 
> roundcube on our server ?
> I'm not concerned about our system per se, my question is what 
> attracts hackers to roundcube ?
>
> Thanks,
>
> 93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET 
> /roundcube/CHANGELOG HTTP/1.1" 404 1012
> 93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET /mail/CHANGELOG 
> HTTP/1.1" 404 997
> 93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET /webmail/CHANGELOG 
> HTTP/1.1" 404 1006
> 93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET 
> /roundcubemail/CHANGELOG HTTP/1.1" 404 1024
> 93.190.138.51 - - [31/Mar/2009:04:25:34 -0400] "GET /rcmail/CHANGELOG 
> HTTP/1.1" 404 1003
> 93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET //CHANGELOG 
> HTTP/1.1" 404 985
> 93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET /rc/CHANGELOG 
> HTTP/1.1" 404 991
> 93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET /email/CHANGELOG 
> HTTP/1.1" 404 1000
> 93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET /mail2/CHANGELOG 
> HTTP/1.1" 404 1000
> 93.190.138.51 - - [31/Mar/2009:04:25:35 -0400] "GET /Webmail/CHANGELOG 
> HTTP/1.1" 404 1006
> 93.190.138.51 - - [31/Mar/2009:04:25:36 -0400] "GET 
> /components/com_roundcube/CHANGELOG HTTP/1.1" 404 1057
> 93.190.138.51 - - [31/Mar/2009:04:25:36 -0400] "GET 
> /squirrelmail/CHANGELOG HTTP/1.1" 404 1021
> 93.190.138.51 - - [31/Mar/2009:04:25:36 -0400] "GET 
> /vhcs2/tools/webmail/CHANGELOG HTTP/1.1" 404 1042
> 93.190.138.51 - - [31/Mar/2009:04:25:36 -0400] "GET /round/CHANGELOG 
> HTTP/1.1" 404 1000
>
> 195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET 
> /roundcube/CHANGELOG HTTP/1.1" 404 1012
> 195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET /mail/CHANGELOG 
> HTTP/1.1" 404 997
> 195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET /webmail/CHANGELOG 
> HTTP/1.1" 404 1006
> 195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET 
> /roundcubemail/CHANGELOG HTTP/1.1" 404 1024
> 195.207.15.79 - - [04/Apr/2009:05:14:18 -0400] "GET /rcmail/CHANGELOG 
> HTTP/1.1" 404 1003
> 195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET //CHANGELOG 
> HTTP/1.1" 404 985
> 195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET /rc/CHANGELOG 
> HTTP/1.1" 404 991
> 195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET /email/CHANGELOG 
> HTTP/1.1" 404 1000
> 195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET /mail2/CHANGELOG 
> HTTP/1.1" 404 1000
> 195.207.15.79 - - [04/Apr/2009:05:14:19 -0400] "GET /Webmail/CHANGELOG 
> HTTP/1.1" 404 1006
> 195.207.15.79 - - [04/Apr/2009:05:14:20 -0400] "GET 
> /components/com_roundcube/CHANGELOG HTTP/1.1" 404 1057
> 195.207.15.79 - - [04/Apr/2009:05:14:20 -0400] "GET 
> /squirrelmail/CHANGELOG HTTP/1.1" 404 1021
> 195.207.15.79 - - [04/Apr/2009:05:14:20 -0400] "GET 
> /vhcs2/tools/webmail/CHANGELOG HTTP/1.1" 404 1042
> 195.207.15.79 - - [04/Apr/2009:05:14:20 -0400] "GET /round/CHANGELOG 
> HTTP/1.1" 404 1000
>
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET 
> /roundcube/CHANGELOG HTTP/1.1" 404 1012
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /mail/CHANGELOG 
> HTTP/1.1" 404 997
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /webmail/CHANGELOG 
> HTTP/1.1" 404 1006
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET 
> /roundcubemail/CHANGELOG HTTP/1.1" 404 1024
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /rcmail/CHANGELOG 
> HTTP/1.1" 404 1003
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET //CHANGELOG 
> HTTP/1.1" 404 985
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /rc/CHANGELOG 
> HTTP/1.1" 404 991
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /email/CHANGELOG 
> HTTP/1.1" 404 1000
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /mail2/CHANGELOG 
> HTTP/1.1" 404 1000
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET /Webmail/CHANGELOG 
> HTTP/1.1" 404 1006
> 209.160.64.61 - - [05/Apr/2009:20:36:02 -0400] "GET 
> /components/com_roundcube/CHANGELOG HTTP/1.1" 404 1057
> 209.160.64.61 - - [05/Apr/2009:20:36:03 -0400] "GET 
> /squirrelmail/CHANGELOG HTTP/1.1" 404 1021
> 209.160.64.61 - - [05/Apr/2009:20:36:03 -0400] "GET 
> /vhcs2/tools/webmail/CHANGELOG HTTP/1.1" 404 1042
> 209.160.64.61 - - [05/Apr/2009:20:36:03 -0400] "GET /round/CHANGELOG 
> HTTP/1.1" 404 1000


It seems my users have same issue, and OS (centos 5.x) was hacked.
Their roundcube is 0.1.1-stable.

-- 
Best regards.

Zhang Huangbin

- Open Source Mail Server Solution for RHEL/CentOS 5.x:
  http://code.google.com/p/iredmail/

_______________________________________________
List info: http://lists.roundcube.net/dev/

Reply via email to