Horde/Webmail Hacked?

malphigian

Guest
I just noticed that one of my webmail accounts has sent hundreds of spam emails (through the webmail interface, I believe, since there was a template there).

Running Plesk 8.1.1. Horde's About page says its version is "This is Imp H3 (4.1.3)". I'm not sure what version of Horde overall I have.

I'm 99% sure they did not get the password for this account.

I can't figure out what exploit they used (there are a ton listed on Security Focus).

So, in short:
How do I figure out what happened?
How do I stop it from happening again? (How do I upgrade Horde and IMP?)

Thanks in advance.
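As an added example (not part of the thread, and not Plesk or Horde code), one way to start on the first question, "how do I figure out what happened?": the webmail vhost's Apache access log records every POST to IMP's compose script, so counting those per client IP and looking for bursts separates a person reading mail from a client pushing out hundreds of messages. The script assumes an Apache combined-format log and an IMP 4.x install reachable at /horde/imp/compose.php (both assumptions, since the thread gives neither). The log location on a Plesk 8 server is not stated in the thread either, so the sample below builds constructed log lines instead of reading a file.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" access-log format. The webmail vhost's log path on a Plesk
# box is not given in the thread, so reading the file is left to the caller.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumption: an IMP 4.x (Horde 3) install under /horde sends mail through this script.
COMPOSE_PATH = "/horde/imp/compose.php"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def compose_posts(lines):
    """Yield (ip, timestamp, user_agent) for every POST to the compose script."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == COMPOSE_PATH:
            yield rec["ip"], rec["ts"], rec["ua"]


def max_in_window(times, window):
    """Largest number of events that fall inside any interval of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_bulk_senders(lines, window=timedelta(minutes=10), threshold=20):
    """Summarise compose activity per client IP and flag bursts of `threshold`
    or more sends inside one `window`."""
    by_ip = defaultdict(lambda: {"times": [], "uas": set()})
    for ip, ts, ua in compose_posts(lines):
        by_ip[ip]["times"].append(ts)
        by_ip[ip]["uas"].add(ua)
    report = {}
    for ip, info in by_ip.items():
        peak = max_in_window(info["times"], window)
        report[ip] = {
            "total": len(info["times"]),
            "peak_in_window": peak,
            "user_agents": sorted(info["uas"]),
            "suspicious": peak >= threshold,
        }
    return report


def build_sample_log():
    """Constructed sample log lines (not data from the thread): one ordinary user
    and one client hammering the compose script from a scripted user agent."""
    base = datetime(2007, 6, 12, 9, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 0 "-" "{ua}"'
    human = "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
    lines = [fmt.format(ip="198.51.100.4", ts=base.strftime(TS_FMT), method="GET",
                        path="/horde/imp/mailbox.php", status=200, ua=human)]
    for minutes in (2, 25, 58):  # three messages spread over an hour
        lines.append(fmt.format(ip="198.51.100.4", ts=(base + timedelta(minutes=minutes)).strftime(TS_FMT),
                                method="POST", path=COMPOSE_PATH, status=302, ua=human))
    for i in range(40):  # 40 sends in under five minutes from a script
        lines.append(fmt.format(ip="203.0.113.7", ts=(base + timedelta(seconds=7 * i)).strftime(TS_FMT),
                                method="POST", path=COMPOSE_PATH + "?actionID=send_message",
                                status=302, ua="curl/7.15.5"))
    return lines


if __name__ == "__main__":
    for ip, info in find_bulk_senders(build_sample_log()).items():
        flag = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"{ip:15} total={info['total']:3} peak={info['peak_in_window']:3} {flag} {info['user_agents']}")
```

Treat this as a first cut: if the messages went out through an exploit rather than the normal compose form, the burst may show up against a different script, or only in the mail server's log. An IP the script flags still gives you a timestamp and user agent to pivot on in the mail log and in the other vhosts' access logs.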
 
Horde and IMP are upgraded when you upgrade Plesk. Plesk 8.2 is the latest version and has Horde and IMP updates.
 
First step, I would install mod_security if you haven't already. That stops a lot of exploits.
 
You can improve Horde by just using the new version.

However, be aware that the vulnerability of mailboxes is due to a number of things:
- absence of GOOD spam filters and settings
- absence of GOOD SPF records and settings
- absence of GOOD antivirus records and settings
- simple tricks, DOs and DO NOTs

For example, use the DNSBL option and the SPF spam option on system > server > mail, both together (see your control panel).

Absolutely DO NOT: use your DNS records to redirect webmail.domain1.com (specific mailboxes) of domain 1 to a webmail/mailserver of domain 2 (webmail.domain2.com).
They can hack easily then, certainly in Horde.

Absolutely DO: set up a mailserver structure with a front-end mailserver that catches mail and filters spam, viruses etc. out of it.

Horde is not the weak one: it is relatively OK, to my knowledge.

It is primarily the setup of mailservers that matters. And in this case, it seems that something can be done in the area of mailserver structure.
 