Roundcube Update: 0.2

floyd said:
That's pretty lame. They could have easily logged in and at least stopped the attacks.
Click to expand...

Nope, they did the right thing. It sounds like the host was not fully managing this box, so disconnecting would be the right thing to do to protect it's network at that point in time.
 
Nope, they did the right thing.
Click to expand...

Ok well that is your opinion and here is mine. I know I can take 2 minutes out of my day to stop a process on a customer's machine who is paying me for a dedicated server even if its not managed.

So yes my opinion is that its pretty lame. I do have my own data center so I am in the same position as other companies who have networks to protect.

Given the choice which company would you rather host with? One that is just going to disconnect you at the first sign of trouble or one that will quickly resolve the problem for you so that you don't have any down time?

I understand if its a big problem that cannot easily be fixed. But even I with my limited experience and no professional training knew how to quickly fix this particular problem. Certainly a professional data center knows how to deal this problem as well. Its certainly better than disconnecting a customer's machine.

The most they really had to do was block outgoing ssh requests from his machine. Certainly that is better than disconnecting it. And it requires the same amount of effort, even less maybe.

Yes I think its lame of them to simply disconnect his machine or maybe I should call it what it is, lazy.
 
floyd said:
Ok well that is your opinion and here is mine. I know I can take 2 minutes out of my day to stop a process on a customer's machine who is paying me for a dedicated server even if its not managed.

So yes my opinion is that its pretty lame. I do have my own data center so I am in the same position as other companies who have networks to protect.

Given the choice which company would you rather host with? One that is just going to disconnect you at the first sign of trouble or one that will quickly resolve the problem for you so that you don't have any down time?

I understand if its a big problem that cannot easily be fixed. But even I with my limited experience and no professional training knew how to quickly fix this particular problem. Certainly a professional data center knows how to deal this problem as well. Its certainly better than disconnecting a customer's machine.

The most they really had to do was block outgoing ssh requests from his machine. Certainly that is better than disconnecting it. And it requires the same amount of effort, even less maybe.

Yes I think its lame of them to simply disconnect his machine or maybe I should call it what it is, lazy.
Click to expand...

Obviously it's my opinion, that's what a public forum is usually full of (among other things). However, I can see where you are coming from due to the fact you yourself own/run/manage/etc. a datacenter. It's far easier to bash another while making yourself look good in this scenario of what you would do. It's also far easier to unplug a cat5 than to troubleshoot a box that you are not paid to manage. I'm sure somewhere buried in their terms mentions this as does most datacenters. Of course this is case by case, so your mileage may vary.

Anyhow, back on topic with roundcube.
 
It's also far easier to unplug a cat5 than to troubleshoot a box that you are not paid to manage.
Click to expand...

Only if the data center has no clue what they are doing.

I am speaking of right and wrong regardless of a TOS. Unplugging the cat5 cable is either the lazy thing to do or the last resort when you cannot figure out what the problem is. If you unplug the cat5 cable the customer cannot even get in to fix the problem.

It's far easier to bash another while making yourself look good in this scenario of what you would do.
Click to expand...

Just be clear its not what I would do. Its what I did do for dozens of my customers. And yes I will bash another company when they do the wrong thing and so should everybody. The right thing is always to help your customer when they are under an attack regardless of the TOS.

If my tenant is being robbed I am going to help regardless of whether they have actually contracted me to help them or not.

Of course this is my opinion. Other people's version of right and wrong may vary.
 
Last edited:
I agree with floyd the first step is to try to filter the attack before just pulling the plug. I would be pissed with any hosting I was paying for that just pulls the plug. And I will not host with any provider that does that. Last resort would need to be nullrouting the ip at router level.
 
scsi said:
I agree with floyd the first step is to try to filter the attack before just pulling the plug. I would be pissed with any hosting I was paying for that just pulls the plug. And I will not host with any provider that does that. Last resort would need to be nullrouting the ip at router level.
Click to expand...

You'd be surprised how many will pull the plug first. If there's an attack happening, their best option may be to disconnect from the network then troubleshoot. If it's an easy fix, back online it goes. Of course I can see both sides of the argument and like I said, it's case by case. It all depends on your TOS etc etc etc.

Mods, feel free to split this topic a bit if we're heading off course.
 
floyd said:
Yes I think its lame of them to simply disconnect his machine or maybe I should call it what it is, lazy.
Click to expand...
I call it GoDaddy.

They did that to a gent who is now a client of ours because we don't just disconnect servers.

Note: I have no idea if this poster uses GoDaddy or not; I'm just relating a specific experience.

Jeff
 
jlasman said:
I call it GoDaddy.

They did that to a gent who is now a client of ours because we don't just disconnect servers.

Note: I have no idea if this poster uses GoDaddy or not; I'm just relating a specific experience.

Jeff
Click to expand...

Lol, do people actually consider Godaddy anything but a cheap registrar?
 
I admit sometimes I have had to pull the plug too. But then I don't email the customer and say "Sorry, I had to pull the plug on your machine. Good luck fixing it." No, I go in myself to figure out what's wrong so I can get it back online. From what hik said they pulled the plug without giving him a way to look at the machine remotely. That would suck if you were 3000 miles away from the data center.
 
We actually give the client the choice; even without full management the client can ask us to (at our usual rate) work on his server in an emergency.
floyd said:
From what hik said they pulled the plug without giving him a way to look at the machine remotely
Click to expand...
Sounds more like GoDaddy by the minute. But I believe GoDaddy only offers Plesk, so it's probably someone else.

Jeff
 
On a machine running:
* Fedora Core 6
* CustomApache

I executed:
Code: 
cd /usr/local/directadmin/scripts
wget -O roundcube.sh http://files.directadmin.com/services/all/roundcube.sh
./roundcube.sh

And got the following error on the last command:
Code: 
cp: cannot stat `/var/www/html/roundcube/temp/*': No such file or directory
ERROR 1142 (42000) at line 6 in file: 'SQL/mysql.update.sql': ALTER command denied to user 'da_roundcube'@'localhost' for table 'messages'
Editing roundcube configuration...
Roundcube has been installed successfully.

I will ignore this error.
 
hik said:
I have been affected and as a matter of fact the hosting company disconnected the box until I could find out what happened, due to the ssh attacks.
Click to expand...

Just a hint: we started using a non-standard SSH port number several years ago and I have not seen an SSH breaking attempt ever since. Everybody using the server must, of course, know this and all SSH-using utilities from outside (rsync etc) must be reconfigured to use the port. In most cases this is not a problem at all.

I understand, though, that this is not possible in all cases.
 
That will protect you from standard incoming ssh attacks but that has nothing to do with this thread really. The ssh attacks mentioned in your quote were outgoing and changing your port is not going to affect ssh attacks going out from your machine. You would need to block the destination port 22 in the OUTPUT chain in iptables.
 
login failed after roundcube update to 0.2

I've update roundcube for the security issues.
I can't login anymore!
Any idea?
 
We suggest regular updates with "clean_old_webapps=yes" set in your options.conf file. DA doesn't automatically update things that require a service to be taken down and compiled. However the custombuild system makes this pretty simple.
Click to expand...

What exactly does "clean_old_webapps=yes" do?

Matt
 
After giving RoundCube a raving review, I updated and now can't send emails with it! Typical..

[23-Jan-2009 14:15:50 +0000] SMTP Error: SMTP error: Authentication failure: Invalid response code received from server (Code: 454) in /var/www/html/roundcubemail-0.2/program/steps/mail/func.inc on line 1248 (POST /roundcube/?_task=mail&_action=send)

Running latest custombuild with IMAP/Dovecot/SpamAssassin
 
You have something miss configured. Make sure you didnt enable ssl in the roundcube config.
 
You must log in or register to reply here.
Back
Top