Yesterday, I found my server had been compromised with a code injection, making use of a vulnerability in RoundCube.
References:
This lists them as I found them - but note the last thread is from December. And note that any version of RoundCube before 0.2-stable is vulnerable.
I should also mention that I have never used RoundCube - I just happened to stumble over this while investigating how to set up email (so far I have only web sites working). So what was there was simply what was installed by default with DirectAdmin.
I made a ticket (YUG-62160) and asked tech support to remove the injected code and upgrade RoundCube to the latest 0.2-stable. At that time (around 3:30 yesterday afternoon) I'd only found the first reference at the RC site. As I dug further, I found the other threads at the DA forum. Shortly before 6:00 RoundCube had been updated to 0.2 - but I found it was not functional, and so far that is still the status.
I'm posting here for three reasons:
- Mostly, a heads-up to all users of DirectAdmin who may have a vulnerable version of RoundCube on their VPS
- To express my disappointment that apparently SoldHost was not aware of this vulnerability, and warned their customers about it
- To express my amazement that it takes so long for Tech Support to replace RoundCube with a working installation of version 2.0 (the forum threads I linked to in my ticket mention various problems getting it to work - which is precisely why I didn't try to do it myself!)
I hope this is at least useful to someone.