On 12.02.08 16:33, Rajkumar S wrote:
> In past couple of days there has been some spamming via web mail
> login. The horde logs show the following entries.
>
> Feb 12 11:53:05 HORDE [error] [imp] FAILED LOGIN 80.255.59.243
> (forwarded for [172.16.1.14]) to xx.xx.xx.xx:153[imap/notls] as
> [EMAIL PROTECTED] [on line 258 of
> "/var/www/webmail/imp/lib/Auth/imp.php"]
>
> Feb 12 11:53:39 HORDE [error] [imp] FAILED LOGIN 80.255.59.243
> (forwarded for [172.16.1.14]) to xx.xx.xx.xx:153[imap/notls] as
> [EMAIL PROTECTED] [on line 258 of
> "/var/www/webmail/imp/lib/Auth/imp.php"]

We noticed the same problem; mostly the passwords were weak, if not stupid (e.g. the same as the login name).

> Received: from 172.16.1.14 (172.16.1.14 [172.16.1.14]) by
> webmail.mydomain.com (Horde MIME library) with HTTP; Mon,
>
> There is no 172.16.1.14 in our network, but the attacker has managed
> to make Horde lib put wrong header information.

Horde just takes X-Forwarded-For without checking its content. See http://bugs.horde.org/ticket/?id=6133, which I filed.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Send this email to 100 your friends - let them see what an idiot you are
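
The log entries quoted in this thread can be triaged by attributing each failed login to the connecting peer unless that peer is a known proxy. The following is an added example, not code from the thread or from Horde; the function names and `TRUSTED_PROXIES` are hypothetical, and the third sample log line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: no reverse proxy sits in front of the webmail host, so no peer
# may vouch for a forwarded address. List real proxy networks here if any.
TRUSTED_PROXIES = []

LINE_RE = re.compile(
    r"FAILED LOGIN (?P<peer>\S+)"
    r"(?: \(forwarded for \[(?P<xff>[^\]]*)\]\))? to "
)

# The first two lines are the entries quoted in the thread (redactions kept);
# the third is constructed for this example.
SAMPLE_LOG = """\
Feb 12 11:53:05 HORDE [error] [imp] FAILED LOGIN 80.255.59.243 (forwarded for [172.16.1.14]) to xx.xx.xx.xx:153[imap/notls] as [EMAIL PROTECTED] [on line 258 of "/var/www/webmail/imp/lib/Auth/imp.php"]
Feb 12 11:53:39 HORDE [error] [imp] FAILED LOGIN 80.255.59.243 (forwarded for [172.16.1.14]) to xx.xx.xx.xx:153[imap/notls] as [EMAIL PROTECTED] [on line 258 of "/var/www/webmail/imp/lib/Auth/imp.php"]
Feb 12 11:54:02 HORDE [error] [imp] FAILED LOGIN 192.0.2.10 to xx.xx.xx.xx:153[imap/notls] as [EMAIL PROTECTED] [on line 258 of "/var/www/webmail/imp/lib/Auth/imp.php"]
"""

def is_trusted_proxy(ip, trusted):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net) for net in trusted)

def effective_source(peer, xff, trusted=TRUSTED_PROXIES):
    """Use the forwarded value only if the TCP peer is a known proxy and the
    value parses as an IP address; otherwise attribute to the peer."""
    if xff and is_trusted_proxy(peer, trusted):
        try:
            return str(ipaddress.ip_address(xff.strip()))
        except ValueError:
            pass
    return peer

def analyse(log_text, trusted=TRUSTED_PROXIES):
    """Return (failed logins per effective source, unverified XFF claims)."""
    counts, unverified = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        peer, xff = m.group("peer"), m.group("xff")
        counts[effective_source(peer, xff, trusted)] += 1
        if xff and not is_trusted_proxy(peer, trusted):
            unverified.append((peer, xff))
    return counts, unverified
```
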