El Viernes, 7 de Septiembre de 2007 21:57, Paul Lesniewski escribió: > On 9/7/07, Christian Schmitz <list@xxxxxxxxxxxxx> wrote: > > First: > > This can happen for 2 reasons: > > Many more than that. > > > -keylogger into customer house. > > -Vulnerabilitys into squirrelmail. > > - Non-SSL-encrypted logins sniffed > - Vuln that sniffs login info stored in browser > - User mistakes like not clicking "sign out" > - Probably more OK, but i try make difference server side, client side. Is not important the final method used to get password in client side. The important is that this not affect to the server. > > > You must work to determine what is happen. > > If the customer have a keylogger, then the spammer have the data > > (password, username). And you will have the same problem with all > > webmails progs. Until use a "chalenge graphic"(if i wrote bad at bottom > > write a explanation about this). > > See the SM CAPTCHA plugin > PERFECT, i strongly recomend add to stop problem. > > If is an exploit to squirrelmail maybe a simple renaming mailto.php > > mailtonew.php (and edit al references to mailto.php) can solve temporary > > this issue. > > Read the thread - the OP's version of SM doesn't have mailto.php. I read it, but my mail server delay the out of this mail 4 or 5 hours > > > To determine what is happening look into the apache logs and see the IP > > of the connection. and the sequence of connection. Check ISP etc. > > > > I will suggest a little turnaround work. Is not the full solution but > > help. > > > > 1.Postfix can refuse send mail if logged in user mismatch. Including > > domain. Others servers must be have a similar feature. > > > > 2.Use the plugin that draw the password in screen, and i dont know if is > > possible disable password field. (if is possible) > > Maybe you mean the Virtual Keyboard plugin I have installed, but both possibilities work (write and click into vkeyb) > > > 3. Exist a CHALENGE GRAPHIC? plugin?I don know how say in english. But > > some sites have a graphic with some letters drawed, and the user must > > copy. This kick the bots. > > yes - see above > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > -- > squirrelmail-users mailing list > Posting Guidelines: > http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: > squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx > List Archives: > http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List > Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List > Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users -- En un mundo sin fronteras.... ¿Quién necesita Puertas y Ventanas? EN INGLES: In a world without frontiers, who needs Gates and Windows http://www.schdev.com.ar http://gnc2.schdev.com.ar ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
