Hey everyone,
I am a software consultant and run a number of security-conscious Web sites. Almost every day we get multiple brute force attacks from bots trying to access URLs like...
/roundcube
/components/com_roundcube
/roundcube/program/js/list.js
etc. etc.
...of course we block these attacks and they are no problem for us. However we get so many of them, for months now, I thought you guys should be aware of it.
Roundcube is clearly being targeted for some reason. Either you are very popular or you are very insecure, or at least somebody thinks you are very insecure. I was just making sure you knew this.
Regards,
Richard.
Yep I'm seeing the same -:
404 Not Found
/bin/msgimport: 4 Time(s)
/cube//bin/msgimport: 4 Time(s)
/mail//bin/msgimport: 4 Time(s)
/mail2//bin/msgimport: 4 Time(s)
/mss2//bin/msgimport: 4 Time(s)
/rc//bin/msgimport: 4 Time(s)
/rms//bin/msgimport: 4 Time(s)
/round//bin/msgimport: 4 Time(s)
/roundcube-0.1//bin/msgimport: 4 Time(s)
/roundcube-0.2//bin/msgimport: 4 Time(s)
/roundcube//bin/msgimport: 3 Time(s)
/roundcubemail-0.1//bin/msgimport: 4 Time(s)
/roundcubemail-0.2//bin/msgimport: 4 Time(s)
/roundcubemail//bin/msgimport: 4 Time(s)
Thanks for your hints.
What has to be done in order to block attacks (i.e. change in chmod)?
What happens (worst case) if I'm not able to block those attacks?