Site was exploited due to webmail

[ryan1918]

fixed the problem

 

[guidob]

chmod 000 /var/www/html/webmail

 

[floyd]

My website was exploited due to a direct admin, webmail program being installed

That is not very likely. Do you have any proof of this? Any evidence?

 

[nobaloney]

ryan1918,

The other webmail program is Uebimiau.

Do you have the most recent version installed?

Jeff

 

[smtalk]

jlasman, uebimiau is an outdated application, so it's possible that there are some not fixed security holes (I saw ~3, but not critical).

 

[nobaloney]

Is it no longer being worked on? If not, then maybe we will have to warn people to migrate off it.

Does anyone have a script to move uebimiau email folders to imap folders? We may need that.

Jeff

 

[smtalk]

It's not updated for ~2 years.. Their page isn't working properly, you can't contact admins, email authors etc. Few guys are working on a webmail based on UebiMiau - telaen.org. But I don't think it's a good webmail program at all

 

[nobaloney]

Thanks for the update on it. I'm going to start thinking about ending support on our systems for uebimiau by the end of this year.

Jeff

 

[RadMan]

Thanks for the update on it. I'm going to start thinking about ending support on our systems for uebimiau by the end of this year.

Jeff

Jeff can you tell me how to SSH to the html file that contains the link to it, so I can kill it?...

Cheers

 

[ryan1918]

I was exploited due to this webmail program or so it seems..

/webmail/smarty/smarty_class.php?_smarty_compile_path= shell
/webmail/smarty/smarty_class.php?filename= shell
/webmail/smarty/smarty_class.php?smarty_dir= shell

 

[pucky]

If Uebimiau is no longer being updated and full of security holes with the ability to exploit why on earth is DA still installing it on new installations? Surely, unsupported applications should no longer be installed and we should be given the opportunity to remove it from our boxes if we please.

Instead, another application should be installed to replace it Uebimiau on new and existing installations.

 

[ryan1918]

Well, I guess I got them going now, maybe they will think about removing or showing us how to remove these programs that are WAY outdated or not even being used anymore. I mean why have outdated program that risks a servers security, stop being lazy remove it from the package, and show everyone how to remove it.

I don't think all these people will like being exploited

 

[pucky]

Removing it wouldnt be difficult but replacing it with something else should be an option. You can remove the option from httpd.conf but then you have a dead webmail link. Maybe Roundcube should be linked up HINT!

 

[ryan1918]

Guess they don't think it's a big issue.

 

[pucky]

Maybe they dont but then again many others dont either otherwise thie thread would be teaming with replies. Oh well, the next few who get hacked may start WWIII. I know, we have already removed it from boxes. When a use clicks on the link instead of it loading the webmail pgm it loads an information screen that tells all that we have removed it for security reasons. Maybe othes should do the same thing.

If we install RC you can simply modify httpd.conf to load webmail which goes to the RC login.

 

[floyd]

Removing it wouldnt be difficult but replacing it with something else should be an option. You can remove the option from httpd.conf but then you have a dead webmail link. Maybe Roundcube should be linked up HINT!

There are already instructions on how to insert another webmail program for the webmail link in the knowledgebase.

 

[nobaloney]

The problem you get when you remove Uebimiau is that people who are using it will use all their stored email, because Uebimiau uses it's own proprietary method for storing mail folders.

The reason Uebimiau was originally chosen for DirectAdmin is that early DA releases didn't have IMAP; they only had POP3 email, and Uebimiau was the best webmail program that worked with POP3.

So it can't just be arbitrarily deleted.

Jeff

 

[pucky]

But in todays day and age as far as control panels is concerned IMAP is standard so there should be no reason to have a POP3 style webmail program. I dont know when IMAP became a standard with DA since i wasnt using DA back then, but really, this should be upgraded and archived and replaced. Neomail, Squirrelmail are default installations on every control panel i have used. It should be given some though by the developers to replace it.

 

[tlchost]

But in todays day and age as far as control panels is concerned IMAP is standard so there should be no reason to have a POP3 style webmail program. I dont know when IMAP became a standard with DA since i wasnt using DA back then, but really, this should be upgraded and archived and replaced. Neomail, Squirrelmail are default installations on every control panel i have used. It should be given some though by the developers to replace it.

Jeff has a good point....there are folks that are using it. Perhaps we should try to reach agreement on a replacment program that could live as webmail, and then instructions could be developed on how to either remove the current webmail, or have it accessable in another way.

The advantage to this approach is that the current uebimiau users aren't sacraficed, and we could have two currently supported webmails.

Thom

 

[pucky]

Jeff has a good point....there are folks that are using it.

Yes but why would you want to keep using something that is no longer supported and could be compromised ?