Warning: roundcube security risk

[thisisit3]

Roundcube was recently updated because of two security holes, which may not be a problem for most people, but various scanner bots have already been updated to take advantage of these holes.

So beware, if you are running roundcube, make sure you have it patched.

Sample hits from scanner bot:

Code:

216.55.164.37 - - [29/Dec/2008:12:38:20 +0000] "POST /bin/html2text.php HTTP/1.1" 301 365 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:20 +0000] "POST /mail/bin/html2text.php HTTP/1.1" 301 370 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:20 +0000] "POST /rc/bin/html2text.php HTTP/1.1" 301 368 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:22 +0000] "POST /roundcube/bin/html2text.php HTTP/1.1" 301 375 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:22 +0000] "POST /roundcubemail/bin/html2text.php HTTP/1.1" 301 379 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:22 +0000] "POST /roundcube-mail/bin/html2text.php HTTP/1.1" 301 380 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:23 +0000] "POST /roundcubemail-0.1/bin/html2text.php HTTP/1.1" 301 383 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:23 +0000] "POST /roundcubemail-0.1.1/bin/html2text.php HTTP/1.1" 301 385 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:23 +0000] "POST /roundcubemail-0.1beta/bin/html2text.php HTTP/1.1" 301 387 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:24 +0000] "POST /roundcubemail-0.1beta2/bin/html2text.php HTTP/1.1" 301 388 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:24 +0000] "POST /roundcubemail-0.1-rc1/bin/html2text.php HTTP/1.1" 301 387 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:25 +0000] "POST /roundcubemail-0.1-rc2/bin/html2text.php HTTP/1.1" 301 387 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:25 +0000] "POST /roundcubemail-0.2/bin/html2text.php HTTP/1.1" 301 383 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:26 +0000] "POST /roundcubemail-0.2-alpha/bin/html2text.php HTTP/1.1" 301 389 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:26 +0000] "POST /roundcubemail-0.2-beta/bin/html2text.php HTTP/1.1" 301 388 "-" "-"
216.55.164.37 - - [29/Dec/2008:12:38:27 +0000] "POST /webmail/bin/html2text.php HTTP/1.1" 301 373 "-" "-"

[JPC-Rizwan]

As per cpanel changelog [ Patched Roundcube security issue ( http://trac.roundcube.net/ticket/1485618 )] if cPanel is on 32412 CURRENT build then roundcube is patched.

All Jaguar shared servers have already been patched.

For Dedicated/VPS clients, if you are not running 32412 CURRENT build or higher then you should upgrade as soon as possible.
You can upgrade cPanel using WHM >> cPanel >> Upgrade to Latest Version or from command line using /scripts/upcp --force.
Make sure that you set the update config to Current/Release from WHM >> Server Configuration >> Update Config.