Possible problem with a Roundcube file


Hey everyone,

I just made a post on the cPanel forums regarding a possible hack for a Roundcube file on a cPanel server.

I run mod_security on my server and found today well over 100 calls for the Roundcube file bin/msgimport. These calls came from different IPs all over the world but pattern was the same. There would be 2 calls for /nonexistensh** and then multiple calls for bin/msgimport (with different paths) till the server blocked that IP and it would start anew from a different IP.

Personally I'm going to delete or move this file just to be safe but I thought a heads up might be appropriate here since I was unable to find anything on the forums when I ran a search.

I would recommend that you all do the same until they push a fix. The full path to the file is /usr/local/cpanel/base/3rdparty/roundcube/bin/msgimport