Hi,
I've been a long time user of roundcube, and have thoroughly enjoyed it -- thank you!
However .. I run my own domain, and I sign up to websites using an email address based on the product, or site name. ie. roundcube@mydomain.tld. This is so I know what address is getting spammed, and can setup filters accordingly etc.
This morning, i've just received a spam email to my roundcube address about "liking my profile, and I should email them for some private photos", and a rather suggestive image attached (yay, go the internet!).
Just wondering if there was a known database compromise, or (hopefully not) if the database was sold off to a third party? Otherwise you may like to check out your security.
This is certainly not some "dictionary attack" or "lucky guess" from a spammer...
Cheers.
RoundCube isn't run off a centralized database each instance of RoundCube has its own database, you'd have to ask your hosting provider if they had a database compromise.
Hi,
No, I didn't quite make the second paragraph clear enough, apologies .. I signed up to the roundcube website, using that address (these forums, I guess). I host all my own stuff, so I am my own "hosting provider". As a further e.g. If i signed up to something on the microsoft website, i'd use "microsoft@mydomain.tld"... Hopefully that makes it a bit clearer.
It just gives me an easier way to differentiate where email is coming from, and in this case, where spam is hitting, and setup MTA rules accordingly.
If anyone else gets spam emails from "Fun Girl", with a picture of some chick on a bed .. then it'll be the compromise with these roundcube forums.
Cheers.
Sorry I misunderstood I'll make sure gets addressed immediately, I see that another user has had the same problem: http://www.roundcubeforum.net/3-news-announcements/12-general-discussion/9417-your-forum-leaking-e-mail-addresses.html