I had the same issue of spamming via my squirrelmail a few days ago. Suddenly, I found a large number of queued mails on my mail server, authenticated via squirrelmail. Below are the things that I found after a short analysis:

- All exploited accounts had the same username and password. I don't know how they found the whole list of usernames.
- All exploited accounts' preferences were changed (name, email, reply address).
- All exploited accounts were forced to use a signature, and multiple signatures were full of spam messages, with filenames in this pattern for the same user: username.si1 username.si2 username.si3 .....

When I forced the exploited accounts to change their passwords, my problem was solved.

With Regards
Nabin Limbu

> Hal Pollenz wrote:
> | Here is what is probably happening (it happened to us last week).
> | Spammers are sending very specific phishing emails, sample below.
> | Stupid users are responding with their passwords.
> | Lots of log checking and quick disabling of accounts is about all you
> | can do,
> | assuming you do not have the power to terminate users for being this dumb.
> | ---- one sample -----
> |
> | ----------
> |
> One of the things I did to avoid dictionary attacks against weak
> passwords was to implement the minimum password security rules
> available with the Change SQL Password plugin. I then set a force
> change password to true for those accounts that did not meet the
> minimum security. Users who log in will get directed to the change
> password screen.
>
> To be able to do this (without forcing everyone to change passwords)
> you need to have passwords stored in the database in plain text.
>
> This does not help lock out already compromised accounts, but
> makes it harder for accounts to be compromised in the first place.
>
> John
>
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options):
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
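
As an added example (not part of the original thread), a triage script built on the signature-file pattern described in the message above: it lists accounts that have several non-empty `username.siN` files. The data directory location, the threshold and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Pattern from the post: <username>.si<N> is the Nth signature file of a user.
SIG_RE = re.compile(r"^(?P<user>.+)\.si(?P<n>\d+)$")


def signature_files_by_user(data_dir):
    """Map username -> sorted list of (index, size_bytes), one per .siN file."""
    found = defaultdict(list)
    for path in Path(data_dir).iterdir():
        m = SIG_RE.match(path.name)
        if m and path.is_file():
            found[m["user"]].append((int(m["n"]), path.stat().st_size))
    return {user: sorted(sigs) for user, sigs in found.items()}


def suspicious_users(data_dir, min_signatures=2):
    """Users with at least min_signatures non-empty .siN files, most files first."""
    hits = {}
    for user, sigs in signature_files_by_user(data_dir).items():
        non_empty = [n for n, size in sigs if size > 0]
        if len(non_empty) >= min_signatures:
            hits[user] = non_empty
    return dict(sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0])))


def build_sample_dir(root):
    """Write a constructed sample data directory (not real user data)."""
    files = {
        "alice.pref": "constructed preference file\n",
        "alice.si1": "Regards, Alice\n",
        "bob.pref": "constructed preference file\n",
        "bob.si1": "constructed spam text 1\n",
        "bob.si2": "constructed spam text 2\n",
        "bob.si3": "constructed spam text 3\n",
        "carol.si1": "",  # empty signature files are ignored
        "carol.si2": "",
    }
    for name, body in files.items():
        (Path(root) / name).write_text(body)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for user, idx in suspicious_users(build_sample_dir(tmp)).items():
            print(f"{user}: {len(idx)} signature files {idx}")
```

Users with several legitimate identities also have multiple signature files, so a hit is a lead to check against preference changes and the mail queue, not proof of compromise.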