did you check if there is a matching logon on your imap server? maybe
enable password logging if you can and log in as his user and see what
he sees? did you confirm that your roundcube is configured to use the
correct imap server?
On 2018-02-09 01:33 AM, Jorge Bastos wrote:
Ok, another login just right now:
Feb 9 09:25:41 fastweb roundcube: <sm6djv7v> Successful login for
[email protected] (ID: 100412) from 110.136.11.0 in session
sm6djv7vh6oplo694nff7ng2rp
Alec, can you help debugging this?
*From:*[email protected]
[mailto:[email protected]] *On Behalf Of *Jorge Bastos
*Sent:* 9 de fevereiro de 2018 09:18
*To:* 'Roundcube Users mailing list' <[email protected]>
*Subject:* [RCU] Security issue (possible?) (was: RE: Unknown user in
users table, very odd, possible security hole)
ALEC!!!!!!!
There’s some security problem in RC I believe!
Check this:
Feb 9 01:46:44 fastweb roundcube: <ibj96bvb> Successful login for
[email protected] <mailto:[email protected]> (ID: 100412)
from 110.136.11.0 in session ibj96bvbj5akqlt5slpc47ikfb
This user doesn’t belong to any of the IMAP accounts, how was he able to
login?
After the login, there’s some login failed lines:
Feb 9 02:47:27 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed
for [email protected] <mailto:[email protected]> from
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php
on line 196 (POST /webmail/?_task=mail&_action=refresh)
Feb 9 02:48:37 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed
for [email protected] <mailto:[email protected]> from
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php
on line 196 (POST /webmail/?_task=mail&_action=refresh)
Feb 9 02:49:47 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed
for [email protected] <mailto:[email protected]> from
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php
on line 196 (POST /webmail/?_task=mail&_action=refresh
(funny the IP is the network IP)
What’s the best place to move forward with investigation with this
issue, here or dev list?
Could you assist me on this?
Thank you in advanced,
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Hannu Hirvonen
*Sent:* 8 de fevereiro de 2018 20:43
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [RCU] Unknown user in users table, very odd, possible
security hole
On 08.02.2018 22:34, Jorge Bastos wrote:
Not in there but you made me remind about:
// Log successful/failed logins to <log_dir>/userlogins or to syslog
That's why I said "something like ...", might have been a bit clearer,
of course :-)
--
Hannu Hirvonen ([email protected]
<mailto:[email protected]>,http://www.uwasa.fi/~hh/)
Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA, Finland
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
