I tried to find a security email address, but I couldn't...
Early this morning, I started to notice a slowdown in one of my servers. I didn't have time to deal with it until this evening, at which point the machine was just about to die. So I started investigating, and saw that several instances of the eggdrop script (among some other bad IRC things) were running on the server. After doing some tracing, I discovered that the script kiddie had somehow managed to upload his scripts to my universal roundcube installation for the server. He had managed to create a hidden folder under /logs and in that folder he had placed his scripts.
I'm still trying to figure out how he got in, but for now, I'm leaning towards an exploit in roundcube possibly...
