• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

a horde bug???

E

euro_gedimas

Guest
YEsterdays my access_log a full of theses lines:


ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:02 +0200] "GET /imp/login.php/ HTTP/1.1" 200 2849 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:02 +0200] "GET / HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /login.php?Horde3=bacf0c673f4e6844ef65c5cec9794178 HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /js/horde.js?Horde3=4bb5e6dbd33f7cee76e01260e70a26c2 HTTP/1.1" 200 7084 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /imp/login.php HTTP/1.1" 200 2799 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/enter_key_trap.js?Horde3=4bb5e6dbd33f7cee76e01260e70a26c2 HTTP/1.1" 200 479 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /imp/themes/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /imp/themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/horde.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/graphics/horde-power1.png HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/enter_key_trap.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /imp/themes/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /imp/themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /themes/graphics/horde-power1.png HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:37 +0200] "GET / HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /login.php?Horde3=00356d2f4fab302e39b46bde7cc92edc HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:37 +0200] "GET /imp/login.php/ HTTP/1.1" 200 2850 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /imp/login.php HTTP/1.1" 200 2799 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /js/horde.js?Horde3=5c7ea842141dfb215791465c04a39f10 HTTP/1.1" 200 7084 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /js/horde.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
Click to expand...

Is it normal? Or there was a horde exploit? :confused: Because it was connecting from different IPT's, and to different domains.
 
You must log in or register to reply here.

Similar threads

M
Question Has my site been attacked?
Replies
8
Views
2K
Peter Debik
P
R
Resolved Huge attack on my server from china
Replies
3
Views
12K
rezouali95
R
WebHostingAce
Question Block MJ12bot with Plesk Fail2Ban plesk-apache-badbot Filter
Replies
7
Views
16K
danami
danami
A
fail2ban blocking ip but still can reach my server
Replies
0
Views
950
Alex123456
A
A
Parallels Plesk Pannel 11.0.9 Horde webmail vulnerability?
Replies
4
Views
3K
_Alberto_
A
Back
Top