Jon, Thanks for your hard work. Is there a way to check our code that is on our servers so we can check to see if we do have "Compromised" code. If it is compromised we need to have our users change passwords. Thanks again, Ken On Thu, 30 Jul 2009, Jon Angliss wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > All, > > We apologies for the extended downtime for the SquirrelMail plugins > repository, and some of the SquirrelMail site documentation. > Unfortunately due to conflicting time schedules, and some > miss-communications amongst the team (mostly my fault), the server > was unavailable for an extended length of time. > > Server Status > - ------------- > This evening, after an extended downtime, we finally rolled to using > the new server. XS4All.nl were gracious in loaning us an additional > server whilst we migrated our data, to the new server. All > documentation should now be online again, and active. If you notice > any issues with the site, please feel free to email me directly, > I'll get onto it as soon as I can. > > Plugins Compromise > - ------------------ > During the initial announcement, we'd mentioned that we did not > believe that any of the plugins had been compromised. Further > investigation has shown that the following plugins were indeed > compromised: > > - sasql-3.2.0 > - multilogin-2.4-1.2.9 > - change_pass-3.0-1.4.0 > > Parts of these code changes attempts to send mail to an offsite > server containing passwords. We cannot establish a timeline of when > these plugins were compromised. If you are a user of these plugins, > it is strongly recommended you download a fresh copy from the > plugins repository. MD5s for the good versions are below: > > a492922e5b0d2245d4e9bc255a7c5755 sasql-3.2.0.tar.gz > b143f2dc82f9e98dd43c632855255075 multilogin-2.4-1.2.9.tar.gz > 2cff7c5d4f6f5d8455683bb5d96bb9fe change_pass-3.0-1.4.0.tar.gz > > > Plugins Availability > - -------------------- > As of now, the plugins are available to download again. I > personally apologies for the extended outage of this, as I know some > of you have been eager to get these back up and running again. Once > again, if you notice any issues with the site, feel free to email. > > > - -- > Jon Angliss > <jon@xxxxxxxxxxxxxxxx> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkpydjMACgkQK4PoFPj9H3PXcQCgjKcpMMV4Whra4iRANBkr2Heg > 6rcAoJ4CDtSwI9/E1lTtcsxaUf9QS9BK > =qs+a > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > -- > squirrelmail-announce mailing list > List Address: squirrelmail-announce@xxxxxxxxxxxxxxxxxxxxx > List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-announce > > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > ----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
