In the past few days, I’ve been getting many 404 email alerts sent by my 404 script:
Date: 10-01-2009 [06:29:29]
User requested for: http://www.easybiztools.com/nonexistenshit was not found !
User Details:
IP addr:94.76.208.8
Browser:Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Referred by: n/a
If you check your server logs, you might find someone probing for the following files:
/nonexistentshit
/bin/msgimport
/mail/bin/msgimport
/rc/bin/msgimport
/webmail/bin/msgimport
/roundcube/bin/msgimport
That’s someone scanning your server/website for a vulnerability in the Roundcube webmail program.
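To check your own logs for the probe paths listed above, here is a small script, added as an example and not part of the original post. It assumes an Apache common/combined access log; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict

# Paths named in the post, plus the spelling seen in the 404 alert itself.
PROBE_PATHS = {
    "/nonexistentshit", "/nonexistenshit",
    "/bin/msgimport", "/mail/bin/msgimport", "/rc/bin/msgimport",
    "/webmail/bin/msgimport", "/roundcube/bin/msgimport",
}

# Assumption: Apache common/combined log format (client IP, request line, status).
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)[^"]*" (\d{3}) '
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2009:06:29:29 +0000] "GET /nonexistenshit HTTP/1.1" 404 208 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2009:06:29:30 +0000] "GET /bin/msgimport HTTP/1.1" 404 208 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2009:06:29:31 +0000] "GET /roundcube/bin/msgimport HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2009:06:30:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2009:06:31:10 +0000] "GET /webmail/bin/msgimport?x=1 HTTP/1.1" 404 208 "-" "Mozilla/5.0"',
]


def find_probes(lines):
    """Group probe requests by client IP and record paths that did not answer 404."""
    report = defaultdict(lambda: {"paths": set(), "exposed": set()})
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a request line in the assumed format
        ip, target, status = match.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if path not in PROBE_PATHS:
            continue
        report[ip]["paths"].add(path)
        if status != "404":
            # Something is served at this path: check whether Roundcube is installed there.
            report[ip]["exposed"].add(path)
    return dict(report)


if __name__ == "__main__":
    for ip, entry in find_probes(SAMPLE_LOG).items():
        print(ip, "probed", sorted(entry["paths"]))
        for path in sorted(entry["exposed"]):
            print("  CHECK: non-404 response for", path)
```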
Is it dangerous? Without knowing the full extent of the Roundcube vulnerability, I would still say yes, it’s dangerous. If you have sensitive information in your email account (e.g. passwords, login IDs, etc.) – you risk getting hacked. Also, your data on your web host may be at risk as well.
Presently, this vulnerability affects web servers using the DirectAdmin control panel – if your web host is on cPanel, you’re safe for the moment.
But if your host is using DirectAdmin, I would advise you to ask your system administrator or tech guy to remove the Roundcube email program.
You can read more about this here
Best wishes,
