Roundcube Community Forum

Miscellaneous => Forum Feedback => Topic started by: cg` on February 20, 2012, 03:30:31 PM

Title: Email Database Compromise?
Post by: cg` on February 20, 2012, 03:30:31 PM
Hi,

I've been a long time user of roundcube, and have thoroughly enjoyed it -- thank you!

However .. I run my own domain, and I sign up to websites using an email address based on the product, or site name. ie. roundcube@mydomain.tld. This is so I know what address is getting spammed, and can setup filters accordingly etc.

This morning, i've just received a spam email to my roundcube address about "liking my profile, and I should email them for some private photos", and a rather suggestive image attached (yay, go the internet!).

Just wondering if there was a known database compromise, or (hopefully not) if the database was sold off to a third party? Otherwise you may like to check out your security.
This is certainly not some "dictionary attack" or "lucky guess" from a spammer...

Cheers.
Title: Email Database Compromise?
Post by: SKaero on February 20, 2012, 04:52:28 PM
RoundCube isn't run off a centralized database each instance of RoundCube has its own database, you'd have to ask your hosting provider if they had a database compromise.
Title: Email Database Compromise?
Post by: cg` on February 20, 2012, 04:59:10 PM
Hi,

No, I didn't quite make the second paragraph clear enough, apologies .. I signed up to the roundcube website, using that address (these forums, I guess). I host all my own stuff, so I am my own "hosting provider". As a further e.g. If i signed up to something on the microsoft website, i'd use "microsoft@mydomain.tld"... Hopefully that makes it a bit clearer.

It just gives me an easier way to differentiate where email is coming from, and in this case, where spam is hitting, and setup MTA rules accordingly.

If anyone else gets spam emails from "Fun Girl", with a picture of some chick on a bed .. then it'll be the compromise with these roundcube forums.

Cheers.
Title: Email Database Compromise?
Post by: SKaero on February 21, 2012, 12:52:16 PM
Sorry I misunderstood I'll make sure gets addressed immediately, I see that another user has had the same problem: http://www.roundcubeforum.net/3-news-announcements/12-general-discussion/9417-your-forum-leaking-e-mail-addresses.html