
Horde/Webmail Hacked?

Discussion in 'Plesk for Linux - 8.x and Older' started by malphigian, Jul 21, 2007.

  1. malphigian

    malphigian Guest

    I just noticed that one of my webmail accounts has sent 100s of spam emails (through the web mail interface I believe since there was a template there).

    Running Plesk 8.1.1, Horde About says its version is "This is Imp H3 (4.1.3)". I'm not sure what version of Horde overall I have.

    I'm 99% sure they did not get the password for this account.

    I can't figure out what exploit they used (there are a ton listed in Security Focus).

    So, in short:
    How do I figure out what happened?
    How do I stop it from happening again? (How do I upgrade Horde and IMP?)

    Thanks in advance.
  2. breun

    breun Golden Pleskian

    Jun 28, 2005
    Horde and IMP are upgraded when you upgrade Plesk. Plesk 8.2 is the latest version and has Horde and IMP updates.
  3. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    Jul 5, 2007
    Seattle Area
    First step I would install mod_security if you haven't already. That stops a lot of exploits.
  4. trialot

    trialot Guest

    You can improve the horde by just using the new version.

    However, be aware that vulnerability of mailboxes is due to a number of things:
    - absence of GOOD spamfilters and settings
    - absence of GOOD SPF records and settings
    - absence of GOOD antivirus records and settings
    - simple tricks, DO's and DO NOT's

    For example, use the DNSBL option and the SPF spam option on system > server > mail both together (see your control panel)

    Absolutely DO NOT: use your DNS records to redirect webmail.domain1.com (specific mailboxes) of domain 1 to a webmail/mailserver of domain 2 (webmail.domain2.com).
    They can hack easily then, certainly in Horde.

    Absolutely DO is the set-up of a mailserver structure with a front-end mailserver that catches mail and filters them of spam, viruses etc.

    Horde is not the weak one: it is relatively ok, to my knowledge.

    It is primarily the setup of mailservers that matters. And in this case, it seems that something can be done in the area of mailserver structure.