[Emerging-Sigs] internet privacy advocate system being used for hacking?

Jamie Riden jamie.riden at gmail.com
Fri Jan 23 12:05:20 EST 2009


2009/1/23 Michael Scheidell <scheidell at secnap.net>:
> I suppose two issues and one question.
> There has been a lot of scanning lately for roundcube servers, as evidenced
> by log entries in web servers like this:
>
> 69.60.115.89 - - [22/Jan/2009:23:25:34 -0500] "GET HTTP/1.1 HTTP/1.1" 400
> 275 "-" "Toata dragostea mea pentru diavola"
> 69.60.115.89 - - [22/Jan/2009:23:25:35 -0500] "GET /roundcube//bin/msgimport
> HTTP/1.1" 404 7555 "-" "Toata dragostea mea pentru diavola"

Hi Michael,

I think they're looking for this vulnerability: "RoundCube
vulnerability allows injection of arbitrary scripting code "
http://www.heise-online.co.uk/security/RoundCube-vulnerability-allows-injection-of-arbitrary-scripting-code--/news/112330

I've not really been looking, but apparently there has been a massive
increase in scanning for roundcube since this vulnerability was
disclosed.

I don't know anything about poundprivacy, but it's been possible to do
similarly untraceable web hacking using tor for a while now.

cheers,
 Jamie
-- 
Jamie Riden / jamesr at europe.com / jamie at honeynet.org.uk
http://www.ukhoneynet.org/members/jamie/


More information about the Emerging-sigs mailing list