Roundcube Community Forum

 

After activation, can't send PMs anymore / Exploits?

Started by myfreexp, March 11, 2012, 06:55:47 AM

Previous topic - Next topic

myfreexp

@skaero: Thanks for manually activating my forum account, apparently I can send posts now. The strange thing is: Now I can't send PMs anymore (which I could before the account was activated). :confused:

On another issue: Once accessing the forum for the first time after boot up, MSE (Microsoft Security Essentials) is reporting an "Exploit:HTML/IframeRef.Z", quite often in combination with an "Exploit:JS/Blacole.AR" or an "Exploit:JS/Blacole.CW". Is this a false positive, and if not, what to do to avoid this?

The filenames look like this:

HTML/IframeRef.Z: C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JXL76ZW1\index1[1].htm
JS/Blacole.XX: C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K6U73P1R\main[1].htm

Any advice appreciated.

Regards, Michael

SKaero

I've updated your permissions you should be able to send PM now. Is there any particular page were your getting the alert? What browser/version are you using?

myfreexp

Quote from: skaero;38382I've updated your permissions you should be able to send PM now.
Thanks for speedy action and response.

Quote from: skaero;38382Is there any particular page were your getting the alert? What browser/version are you using?
No particular page, it can happen on every forum page apparently.

Usually I send the laptop in hibernation, letting all tabs open in IE. After waking the machine up again and refreshing the currently open RC forum page with F5, I'm instantly getting these two alerts. But only with the RC forum, that's what puzzling me.

Then I let MSE remove the exploits and are done (I can browse through the forum without getting any more alerts). Until the next wake-up after hibernation...

I would have to check if it happens after a new login only, not sure (might that be of importance?).

Browser is IE8 on a Win7/64.

myfreexp

Any news on this? When I just started the machine from hibernation, I got even six alerts after pressing F5 on this RC forum page (just to see if there are any replies):

Exploit:JS/Blacole.CZ
Exploit:SWF/Heapspray.gen!A
Exploit:HTML/IframeRef.Z
Exploit:Java/CVE-2011-3544
Exploit:Java/CVE-2010-0840.OO
Exploit:Win32/Pdfjsc.YN

I'm wondering what's going on. And believe me, I'm having this problem with the RC forum site only.

rosali

Same for me. I hope the Site owner will fix these issues soon.
Regards,
Rosali
__________________
MyRoundcube Project (commercial)

myfreexp

Quote from: rosali;38391Same for me. I hope the Site owner will fix these issues soon.
It's a bit of a relief that I'm not the only one. OTOH I'm surprised that not more users are reporting this issue.

But something may have happened in the meantime. Did some Win7 updates this late evening, rebooted the machine, and after that I did not encounter the issue again (yet).

I'm just not sure if this is connected to the updates, or if they have fixed something on the server (and didn't tell us yet).

SKaero

I don't think anything was changed on the form, I'll try to get in contact with the form admin. I have no control over form software or server so there is little I can do.

myfreexp

Quote from: skaero;38397I don't think anything was changed on the form, I'll try to get in contact with the form admin. I have no control over form software or server so there is little I can do.
You're right, apparently nothing was changed on the forum, because when I tried to access it from the office this early evening, I did again get these alerts (WinXP, IE8, all latest updates installed) and was even redirected to another site and had difficulties to leave it (all sorts of Javascript-driven dialogues appeared).

So I expected the same problem again later this evening when I woke up my laptop from hibernation (Win7Pro/64, IE8, all latest updates installed) and tried to access the forum, but much to my surprise: No alert, redirection or annoying behaviour at all.

Strange, uh...?

myfreexp

Quote from: myfreexp;38407You're right, apparently nothing was changed on the forum, because when I tried to access it from the office this early evening, I did again get these alerts (WinXP, IE8, all latest updates installed) and was even redirected to another site and had difficulties to leave it (all sorts of Javascript-driven dialogues appeared).

So I expected the same problem again later this evening when I woke up my laptop from hibernation (Win7Pro/64, IE8, all latest updates installed) and tried to access the forum, but much to my surprise: No alert, redirection or annoying behaviour at all.

Strange, uh...?

Ok, forget about the post above. I just did a Google search for "roundcube forum" on the above mentioned laptop. One of the links presented to me, was this one. (do NOT click this, unless you are curious and can handle it!)

Clicked on it, and was redirected to: tinyurl4.info/3a930cee

I had to remove the "http://" to display the real link in this message, as otherwise the forum software apparently does a lookup and does reformat the link this way:

TINYURL4.INFO - free url redirection and masking service (do NOT click this, unless you are curious and can handle it!)

Even more strange: I did not get any alert from MSE.

Honestly: Move this forum to a different site, please.

We are running a dedicated server, if we can be of help, please let me know. (No promises, though, I would have to talk to my admin if we could handle this.)

Regards, Michael