Roundcube Community Forum
News and Announcements => General Discussion => Topic started by: Loriel on October 19, 2018, 11:25:55 AM
-
Hello All,
We are facing a phishing attack at our site. A lot of users were hijacked. The attacker sends thousands of the maleficent mails via our Roundcube server.
So, I can realise which user account it was (roundcube DB, table identities -> user_id -> table users -> username).
But even if I changed the user password, the attacker was still sending via Roundcube. Even if I removed a session_id from the session table, it was still sending its damned spams.
The only thing that finally stopped the evil session was a restart of the server :(
Could you please advise a better way to terminate the evil session, or maybe there exists some more elegant way to kick off the attacker?
Regards
Loriel
-
Maybe you should just restart the smtp server.
-
It does not help :( .
We are using the delivery scheme postfix at localhost (the Roundcube server itself), without authentication -> postfix at relayhost. The relayhost allows relaying from the Roundcube server.
Maybe I should set up authorized SMTP at the Roundcube server?