Roundcube Update: 0.2

I followed the directions and set it to clean old web apps. Can I just delete that folder then? Anything else I should delete?

Thanks.
 
I was wondering why my server log was so big today. I have hundreds of lines like this:
[Thu Jan 08 13:27:50 2009] [error] [client 94.23.11.210] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/webmail/bin/msgimport"] [unique_id "SWZFpiZnkdIAAFWfHV4AAAAL"]
[Thu Jan 08 13:27:50 2009] [error] [client 94.23.11.210] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.210"] [uri "/webmail/bin/msgimport"] [unique_id "SWZFpiZnkdIAAFT-FDsAAAAA"]
[Thu Jan 08 13:27:50 2009] [error] [client 94.23.11.210] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.213"] [uri "/webmail/bin/msgimport"] [unique_id "SWZFpiZnkdIAAFUPFAkAAAAE"]
[Thu Jan 08 13:27:53 2009] [error] [client 94.23.11.210] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.211"] [uri "/webmail/bin/msgimport"] [unique_id "SWZFqSZnkdIAAFWfHV8AAAAL"]
[Thu Jan 08 13:50:14 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.210"] [uri "/nonexisten****"] [unique_id "SWZK5iZnkdIAAFgNsEUAAAAH"]
[Thu Jan 08 13:50:15 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/nonexisten****"] [unique_id "SWZK5yZnkdIAAFd1nm0AAAAD"]
[Thu Jan 08 13:50:16 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/mail/bin/msgimport"] [unique_id "SWZK6CZnkdIAAFdonlIAAAAF"]
[Thu Jan 08 13:50:16 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/bin/msgimport"] [unique_id "SWZK6CZnkdIAAFbdflEAAAAI"]
[Thu Jan 08 13:50:16 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/rc/bin/msgimport"] [unique_id "SWZK6CZnkdIAAFdmm04AAAAC"]
[Thu Jan 08 13:50:18 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.210"] [uri "/mail/bin/msgimport"] [unique_id "SWZK6iZnkdIAAFgds0UAAAAB"]
[Thu Jan 08 13:50:20 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/roundcube/bin/msgimport"] [unique_id "SWZK7CZnkdIAAFgNsEYAAAAH"]
[Thu Jan 08 13:50:23 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/webmail/bin/msgimport"] [unique_id "SWZK7yZnkdIAAFbdflIAAAAI"]
[Thu Jan 08 14:25:01 2009] [error] [client 195.3.206.36] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.210"] [uri "/nonexisten****"] [unique_id "SWZTDSZnkdIAAFyzlQYAAAAD"]
There are at least 20 IPs scanning for Roundcube, and my server isn't even that well-known. Do you think they're doing massive random scans, or are they getting a list of IPs with the DA control panel somewhere?
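The lines quoted above show one client walking several candidate prefixes (/webmail, /mail, /rc, /roundcube, and the bare /bin) for Roundcube's bin/msgimport, across several vhost IPs. The script below is an added example, not code from the thread or from the ModSecurity or DirectAdmin projects: it parses ModSecurity 2.x "Access denied" error-log lines in the exact shape quoted above and groups them by client IP, so that a log full of rule 960017 hits can be reduced to "which sources probed msgimport, and under which paths". The sample log it runs on is constructed (RFC 5737 documentation addresses and made-up unique_ids), and the field names it extracts (`id`, `uri`, `hostname`) are the bracketed keys visible in the post's own lines.

```python
import re
from collections import defaultdict

# ModSecurity 2.x error-log line, as quoted in the post above:
# [date] [error] [client IP] ModSecurity: Access denied with code NNN (phase N). ... [key "value"] ...
HEAD_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[0-9a-fA-F.:]+)\] '
    r'ModSecurity: Access denied with code (?P<code>\d+)'
)
# The bracketed [key "value"] fields that follow (file, line, id, msg, uri, ...).
FIELD_RE = re.compile(r'\[(?P<key>[a-z_]+) "(?P<val>[^"]*)"\]')
# Roundcube's message-import helper, the path every scanner in the post requests.
MSGIMPORT_RE = re.compile(r'/bin/msgimport$')


def parse_line(line):
    """Return a dict of the fields in one 'Access denied' line, or None for anything else."""
    m = HEAD_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "client": m.group("client"), "code": int(m.group("code"))}
    rec.update(FIELD_RE.findall(line))  # list of (key, value) pairs
    return rec


def summarize(log_text):
    """Per client IP: hit count, rule ids matched, URIs probed, vhost IPs targeted."""
    per_client = defaultdict(lambda: {"hits": 0, "rules": set(), "uris": set(), "targets": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        c = per_client[rec["client"]]
        c["hits"] += 1
        c["rules"].add(rec.get("id", "?"))
        c["uris"].add(rec.get("uri", "?"))
        c["targets"].add(rec.get("hostname", "?"))
    return dict(per_client)


def roundcube_scanners(per_client):
    """Clients that requested bin/msgimport, with the sorted list of paths they tried."""
    hits = {}
    for ip, c in per_client.items():
        probes = sorted(u for u in c["uris"] if MSGIMPORT_RE.search(u))
        if probes:
            hits[ip] = probes
    return hits


def _modsec_line(ts, client, target, uri, uid):
    # Builds a constructed line in the exact format of the post's excerpts (rule 960017).
    return (
        f'[{ts}] [error] [client {client}] ModSecurity: Access denied with code 400 (phase 2). '
        r'Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. '
        '[file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] '
        '[msg "Host header is a numeric IP address"] [severity "CRITICAL"] '
        '[tag "PROTOCOL_VIOLATION/IP_HOST"] '
        f'[hostname "{target}"] [uri "{uri}"] [unique_id "{uid}"]'
    )


# Constructed sample log: documentation addresses, made-up unique_ids, one junk line.
SAMPLE_LOG = "\n".join([
    _modsec_line("Thu Jan 08 13:27:50 2009", "192.0.2.10", "198.51.100.5", "/webmail/bin/msgimport", "U1"),
    _modsec_line("Thu Jan 08 13:27:53 2009", "192.0.2.10", "198.51.100.6", "/webmail/bin/msgimport", "U2"),
    _modsec_line("Thu Jan 08 13:50:14 2009", "203.0.113.7", "198.51.100.5", "/nosuchpath", "U3"),
    _modsec_line("Thu Jan 08 13:50:16 2009", "203.0.113.7", "198.51.100.5", "/mail/bin/msgimport", "U4"),
    _modsec_line("Thu Jan 08 13:50:16 2009", "203.0.113.7", "198.51.100.5", "/bin/msgimport", "U5"),
    _modsec_line("Thu Jan 08 13:50:16 2009", "203.0.113.7", "198.51.100.5", "/rc/bin/msgimport", "U6"),
    _modsec_line("Thu Jan 08 13:50:20 2009", "203.0.113.7", "198.51.100.5", "/roundcube/bin/msgimport", "U7"),
    _modsec_line("Thu Jan 08 14:25:01 2009", "198.51.100.99", "198.51.100.5", "/nosuchpath", "U8"),
    "some unrelated line that must be ignored",
])

if __name__ == "__main__":
    for ip, probes in roundcube_scanners(summarize(SAMPLE_LOG)).items():
        print(ip, "probed", ", ".join(probes))
```

One caveat worth keeping in mind when reading these hits: rule 960017 fired only because the scanner sent a bare numeric IP in the Host header. A scanner that sends the proper vhost name sails past that rule, so the error log understates the scanning, and the same msgimport URIs should be looked for in the ordinary access log as well. The WAF hit is a symptom; the fix is a patched or removed Roundcube.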
 
In a thread on webhostingtalk someone wrote that they were specifically targeting DirectAdmin servers.

Jeff
 
You don't have to be too smart to find out that Roundcube is a default with DirectAdmin, so it's easy to find and to root, because the possibility that it will have an unpatched Roundcube is very high.
 
Maybe change the alias (in httpd-alias.conf, if Apache 2) and the directory name in /var/www/html/, then change the skins too in DA. Yes, a PITA after every upgrade, but safer IMO. That's what I did to phpMyAdmin.
 
After running this update on old custombuild, we get a blank page at http://domain/roundcube. Now what? Got the same MySQL error as everyone else, but just a blank page now.

Also, we are not running PHP 5.
 
We have a VPS with a bare OS install on it that gets hit with msgimport scans the whole day... So not just DA, I think.
 
Any idea how I can cleanly and completely remove Roundcube if I have it installed and don't use it anymore?
 
I just checked the cPanel forums, as I find the information a bit more accurate.

This is what they said.

Are you concerned about the remote injection vulnerability in 0.2-1.alpha and 0.2-3.beta? http://www.heise-online.co.uk/securi...--/news/112330

If so, we do not use these versions. We use 0.1stable, which is not affected by these issues. We'll be updating to 0.2stable in the near future.

Which means I was running 0.1stable before I ran this update. Now the update has screwed up the entire installation and possibly doesn't even run on PHP 4. I'll have to get it off another server that's still running it and reinstall it.

Nothing wrong with 0.1stable according to cPanel, so if you're still running it, keep it.
 
Pretty sure I was running 0.1stable when I got hit.
 
./build does not work!

The build script version currently on DA's servers, 1.1.15, does not work! As others have stated, I also get this same issue. When is 1.1.16 going to be pushed to the files.directadmin.com server?

With the current build it broke Roundcube on the server.

Code:
[root@server custombuild]# ./build roundcube
ls: /var/www/html/roundcube: No such file or directory
cat: /var/www/html/roundcube/index.php: No such file or directory
This instance of RoundCube is not yet configured!
Open http://url-to-roundcube/installer/ in your browser and follow the instuctions.

ERROR 1146 (42S02) at line 4 in file: 'SQL/mysql.update.sql': Table 'da_roundcube.messages' doesn't exist
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.

This update does not work and breaks Roundcube.
 
What version were you running?

I've updated using the script on almost 10 servers running 0.1, zero problems.
 
I have tried with custombuild versions 1.1.15 and 1.1.16, but it breaks Roundcube.

Shell output:
Code:
webserver:/usr/local/directadmin/custombuild# perl -pi -e 's/clean_old_webapps=no/clean_old_webapps=yes/' options.conf
webserver:/usr/local/directadmin/custombuild# ./build roundcube
cp: cannot stat `/var/www/html/roundcube/logs/*': No such file or directory
cp: cannot stat `/var/www/html/roundcube/temp/*': No such file or directory

Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/html/roundcubemail-0.2/program/include/main.inc on line 75
ERROR 1091 (42000) at line 6 in file: 'SQL/mysql.update.sql': Can't DROP 'idx'; check that column/key exists
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.

Web output:
Code:
Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/html/roundcubemail-0.2/program/include/main.inc on line 74

I have tried on about 20 Linux servers, but all of them break Roundcube.

So I have blocked Roundcube with the DC's firewall filter and am waiting for a solution from DA.
 
What you also want to think about is... what does Roundcube have that others don't?

I only give my clients the webmail subdomain choice (so I choose what they use, if they need it), and remove the links from DA (apart from the top webmail link).

I had a VPS that was hacked to death, and now I'm so paranoid with my new servers that mod_security and mod_evasive are installed.
 
Okay, we were affected by this issue, and in fact we had the wssh executable in our /tmp directory, and it had been executed. It seemed to do some brute-force SSH attacks, but that's only as far as I have found out yet.

Is there anyone who could tell me what exactly those binaries are doing?

In other words: will the box be secure by simply deleting them and plugging the hole that got them there? Of course I did some basic checking on the box (antivirus, rkhunter and such). I know you cannot fully trust a box that has once been compromised, but still I'd like to know, as I don't have time at the moment to reinstall the box.
 
I have been affected, and as a matter of fact the hosting company disconnected the box until I could find out what happened, due to the SSH attacks.

I deleted Roundcube and all the wssh files in the /tmp directory, and it seems that now it's secure. But, like tux, I would also like to find out if this is enough.
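The two posts above describe the same finding: a wssh binary dropped into /tmp and executed. The script below is an added example, not from the thread, of the quick triage I would run before deciding whether such a box can limp along until it is rebuilt: it lists every file under a directory that is executable or carries an ELF header (stripping the execute bit is a common way to park a payload), and every process still running from a binary under that directory. It assumes a POSIX sh with find, dd, od and readlink; the process check relies on Linux /proc and prints nothing elsewhere. The directory is a parameter so the same functions can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example (not from the thread): first-pass triage of a scratch directory
# such as /tmp for dropped tools like the "wssh" binary the posters found.

# Hex of the first four bytes of a file, e.g. "7f454c46" for an ELF binary.
magic_hex() {
    dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print every regular file under $1 that is executable (by the invoking user;
# run as root to see all) or that starts with the ELF magic regardless of mode.
list_suspect_files() {
    dir="$1"
    find "$dir" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        if [ -x "$f" ] || [ "$(magic_hex "$f")" = "7f454c46" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print "<pid> <exe>" for each process whose executable lives under $1.
# /proc/<pid>/exe keeps " (deleted)" after the path when the file was removed
# while still running, which is exactly the case of a payload that was
# "cleaned up" from /tmp but never killed.
processes_running_from() {
    dir="$1"
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case "$exe" in
            "$dir"/*) printf '%s %s\n' "${p#/proc/}" "$exe" ;;
        esac
    done
}

# Usage: sh triage_tmp.sh /tmp
if [ -n "${1:-}" ]; then
    echo "== executable or ELF files under $1"
    list_suspect_files "$1"
    echo "== processes running from $1"
    processes_running_from "$1"
fi
```

This is triage, not proof of a clean system: a rootkit can hide processes from /proc or replace find and od, and nothing here answers the question of what the binary did while it ran. It does tell you quickly whether the dropper is still resident, which is the thing to know before the hosting company reconnects the box; the posters' own point that a once-compromised box cannot be fully trusted still stands.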
 