Author Topic: Multiple email accounts are sending thousands of spams per day from Roundcube we  (Read 3490 times)

Offline ejimenez

  • Newbie
  • *
  • Posts: 1
I need help with this issue, somehow unauthorized users or scripts are using my company’s email account within Roundcube webmail to send thousands of spam emails all over the world, we have isolated the issue to roundcube, we can choose between Horde, SquirrelMail and roundcube and looks like is just happening in roundcube.

The intruder is also changing the users name to PayPal, Payoneer, Apple Inc, Service, etc.

Is there anything you can do for us and all those users that are getting spammed from our hacked email account?

This is the response I got from GIGENET support team:
Disabling webmail might be a good idea if you're not using it and since it's where the spam seems to be coming from.
Since the scan didn't really pick anything up I'm not sure where the issue lies here, but it does seem that the spammer is logging in via Roundcube somehow.

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Roundcube is webmail software its not a service so the only people who can do anything are you or your host. Roundcube is software your host has installed on their servers.

Your host should be able to see from the logs what exactly has happened. The only thing any one else can really do is offer advice.

Like all software bugs do crop up but the Rounducbe devs are usually very responsive, and as far as I have seen they always take security vulnerabilities seriously so your host should check that they are running the latest version. If they are already are running the latest version and some new vulnerability has been exploited then perhaps they could report the details to the devs so that it can be patched.

Of course if you have not already changed the passwords on the affected accounts you should do that.

Best of luck getting your accounts back under control.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…