SquirrelMail open source project's web server hacked - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: March 16th, 2010

Linux Advisory Watch: March 14th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

SquirrelMail open source project's web server hacked

User Rating:

How can I rate this item?

Source: H Security - Posted by Administrator

It has just become apparent that, on June 16, attackers hacked into the web server of the SquirrelMail open source project. The operators have suspended all accounts and reset all crucial passwords. Access to the original server and to all the available plug-ins has also been disabled. The operators believe that none of the plug-ins has been compromised, but investigations are still in progress. Third party plug-ins can be used to add features to SquirrelMail. It is currently unknown as to how the intruders hacked into the server. According to the server operators, the SquirrelMail web mailer's source code was not accessible at any time because it is located on a different server. However, phishers are currently trying to convince users otherwise with a spamming campaign. In an email, they claim that versions 1.4.11, 1.4.12 and 1.4.13 contain a back door, and that version 1.4.15 has, therefore, been made available to download:

Read this full article at H Security