plugin enigma installed by default and exploit in lib76.php

jp79 · February 26, 2017, 10:50:40 AM

Hi, recently my server was hacked and used for spam sending through roundcube.... $:-\$ fortunately I discovered soon.
I'm still investigating, but the problem points to an old version of roundcube (0.8.x, 0.9.x) and the file:
roundcube/plugins/enigma/lib76.php
Any clues? I've been looking about this file and this plugin but i don't find this file in github, perhaps too old, the install was on november 2014

Thanks in advance!

alec · February 26, 2017, 12:28:40 PM

There was never such a file in Roundcube. Probably has been somehow uploaded by the hacker.

jp79 · March 06, 2017, 05:45:31 AM

Indeed, suspicios php files uploaded... all solved (I hope).
Thanks for quick response!

plugin enigma installed by default and exploit in lib76.php

jp79

alec

jp79