Roundcube Update: 0.2
DirectAdmin Support
01-08-2009, 11:15 AM
First, our sympathies to those affected by this roundcube exploit. What a headache.
If you are using DirectAdmin with the old customapache, please do this:
cd /usr/local/directadmin/scripts
wget -O roundcube.sh http://files.directadmin.com/services/all/roundcube.sh
./roundcube.sh
rm -rf /var/www/html/roundcubemail-0.1*
However, we suggest updating to the newer custombuild. For those with custombuild:
cd /usr/local/directadmin/custombuild
./build update
perl -pi -e 's/clean_old_webapps=no/clean_old_webapps=yes/' options.conf
./build roundcube
./build clean
We suggest regular updates with "clean_old_webapps=yes" set in your options.conf file. DA doesn't automatically update things that require a service to be taken down and compiled. However the custombuild system makes this pretty simple.
Note: Roundcube 0.2 requires php 5.
Any further questions please contact us.
Mark
jjbakker
01-08-2009, 11:47 AM
Hi Folks,
Thanks for the update..
One typo:
./build rouncube
./build roundcube
jlounds
01-08-2009, 11:51 AM
Also, it is worth noting that roundcube-0.2 requires PHP 5.
Helheim
01-08-2009, 01:23 PM
When I did the build roundcube I got an error at line 6 in file SQL/mysql.update.sql that it can't drop 'idx' is that normal? It still says it was installed successfully though.
hostpc.com
01-08-2009, 01:33 PM
Same here:
cp: cannot stat `/var/www/html/roundcube/logs/*': No such file or directory
cp: cannot stat `/var/www/html/roundcube/temp/*': No such file or directory
This instance of RoundCube is up-to-date.
Have fun!
ERROR 1091 (42000) at line 6 in file: 'SQL/mysql.update.sql': Can't DROP 'idx'; check that column/key exists
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.
Using Custombuild
smtalk
01-08-2009, 01:34 PM
You can ignore that error. It has been fixed in CustomBuild 1.1.16 and 1.2.10 (http://www.directadmin.com/forum/showthread.php?t=29239), but they are not yet on DA servers.
hostpc.com
01-08-2009, 01:36 PM
You can ignore that error. It has been fixed in CustomBuild 1.1.16 and 1.2.10 (http://www.directadmin.com/forum/showthread.php?t=29239), but they are not yet on DA servers.
If it's not released by DA, I don't use it.
smtalk
01-08-2009, 01:36 PM
I didn't tell you to use them :) Sorry for misunderstanding.
David C
01-08-2009, 06:35 PM
This instance of RoundCube is not yet configured!
Open http://url-to-roundcube/installer/ in your browser and follow the instuctions.
ERROR 1091 (42000) at line 6 in file: 'SQL/mysql.update.sql': Can't DROP 'idx'; check that column/key exists
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.
I got no idea how to access the installer, although roundcube seems to be running fine. Can I safely ignore this error?
How do I check my version of rcube?
hostpc.com
01-08-2009, 06:39 PM
ls -la /var/www/html
lrwxrwxrwx 1 root root 17 Jan 8 14:31 roundcube -> roundcubemail-0.2
drwxr-xr-x 9 webapps webapps 4096 Jan 8 14:31 roundcubemail-0.2
I'm showing .2
lgwong
01-08-2009, 09:27 PM
Also, it is worth noting that roundcube-0.2 requires PHP 5.
Any solution for those preferring to stick to PHP4?
smtalk
01-09-2009, 12:31 AM
This instance of RoundCube is not yet configured!
Open http://url-to-roundcube/installer/ in your browser and follow the instuctions.
ERROR 1091 (42000) at line 6 in file: 'SQL/mysql.update.sql': Can't DROP 'idx'; check that column/key exists
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.
I got no idea how to access the installer, although roundcube seems to be running fine. Can I safely ignore this error?
How do I check my version of rcube?
Yes, you can ignore it. You can check the version by running "./build versions".
smtalk
01-09-2009, 12:33 AM
Any solution for those preferring to stick to PHP4?
Try applying: http://trac.roundcube.net/changeset/2148
dannygoh
01-09-2009, 02:59 AM
I ran the update. How do I make sure it really updated?
cp: `/var/www/html/roundcube/logs/errors' and `/var/www/html/roundcubemail-0.2/logs/errors' are the same file
cp: `/var/www/html/roundcube/logs/sendmail' and `/var/www/html/roundcubemail-0.2/logs/sendmail' are the same file
cp: `/var/www/html/roundcube/temp/212137885545ead1a29dcaf' and `/var/www/html/roundcubemail-0.2/temp/212137885545ead1a29dcaf' are the same file
Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/html/roundcubemail-0.2/program/include/main.inc on line 75
ERROR 1091 (42000) at line 6 in file: 'SQL/mysql.update.sql': Can't DROP 'idx'; check that column/key exists
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.
smtalk
01-09-2009, 04:12 AM
Run: ./build versions. As I said - you can ignore this error and it has been fixed in CustomBuild 1.1.16 and 1.2.10 (not yet on DA servers).
psycho
01-09-2009, 06:06 AM
The exploit has been public for more than a week.
http://www.milw0rm.com/exploits/7553
Danny
01-09-2009, 08:15 AM
After the update, the 'remember password' option is no longer working for Firefox and Internet Explorer.
How to solve?
floyd
01-09-2009, 08:21 AM
The exploit has been public for more than a week.
http://www.milw0rm.com/exploits/7553
I posted here about it 2 weeks ago. http://www.directadmin.com/forum/showthread.php?t=29066
Helheim
01-09-2009, 10:41 AM
I still have the folder /var/www/html/roundcubemail-0.1.1 should I?
psycho
01-09-2009, 10:47 AM
I still have the folder /var/www/html/roundcubemail-0.1.1 should I?
Nope, because it can still be accessed via http://ip/roundcubemail-0.1.1/bin/html2text.php
and then used to run PHP code.
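A defensive check for the leftover-directory problem discussed above, as an added example that is not part of the thread or of DirectAdmin's scripts: it lists every roundcubemail-* directory under a web root that the roundcube symlink does not point to. The function names, the constructed sample tree and the treatment of mode-0 directories as disabled are assumptions of this example.

```shell
#!/bin/sh
# Added example (not DirectAdmin's code): report Roundcube trees left under
# a web root that the "roundcube" symlink no longer points to.

# list_stale_roundcube WEBROOT
# Prints one line per stale roundcubemail-* directory:
#   <name> disabled                 directory mode is 0
#   <name> exposed                  any other mode (assumed still served)
#   <name> exposed html2text.php    as above, and bin/html2text.php exists
list_stale_roundcube() {
    webroot=$1
    active=
    if [ -L "$webroot/roundcube" ]; then
        # The symlink target may be relative (roundcubemail-0.2) or absolute.
        active=$(basename "$(readlink "$webroot/roundcube")")
    fi
    for dir in "$webroot"/roundcubemail-*; do
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then continue; fi
        name=$(basename "$dir")
        if [ "$name" = "$active" ]; then continue; fi
        # Read the mode string from ls so the check also works as root,
        # where "test -r" succeeds even on a mode-0 directory.
        perms=$(ls -ld "$dir" | cut -c1-10)
        if [ "$perms" = "d---------" ]; then
            echo "$name disabled"
        elif [ -e "$dir/bin/html2text.php" ]; then
            echo "$name exposed html2text.php"
        else
            echo "$name exposed"
        fi
    done
    return 0
}

# Constructed sample tree: one live install, one old tree still readable,
# one old tree already set to mode 0. Prints the path of the temp web root.
make_sample_webroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/roundcubemail-0.1.1/bin" \
             "$root/roundcubemail-0.2" \
             "$root/roundcubemail-0.1"
    : > "$root/roundcubemail-0.1.1/bin/html2text.php"
    chmod 0 "$root/roundcubemail-0.1"
    ln -s roundcubemail-0.2 "$root/roundcube"
    printf '%s\n' "$root"
}

# Demo run on the constructed tree; on a server the argument would be the
# real web root, for example /var/www/html.
demo_root=$(make_sample_webroot)
list_stale_roundcube "$demo_root"
chmod 700 "$demo_root/roundcubemail-0.1"
rm -rf "$demo_root"
```

Any line it prints is a tree to remove or archive outside the web root; an empty result means only the active install remains.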
Helheim
01-09-2009, 10:51 AM
I followed the directions and set to clean old web apps. Can I just delete that folder then? Anything else I should delete?
Thanks.
Dravu
01-09-2009, 02:07 PM
I was wondering why my server log was so big today. I have hundreds of lines like this:
[Thu Jan 08 13:27:50 2009] [error] [client 94.23.11.210] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/webmail/bin/msgimport"] [unique_id "SWZFpiZnkdIAAFWfHV4AAAAL"]
[Thu Jan 08 13:27:50 2009] [error] [client 94.23.11.210] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.210"] [uri "/webmail/bin/msgimport"] [unique_id "SWZFpiZnkdIAAFT-FDsAAAAA"]
[Thu Jan 08 13:27:50 2009] [error] [client 94.23.11.210] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.213"] [uri "/webmail/bin/msgimport"] [unique_id "SWZFpiZnkdIAAFUPFAkAAAAE"]
[Thu Jan 08 13:27:53 2009] [error] [client 94.23.11.210] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.211"] [uri "/webmail/bin/msgimport"] [unique_id "SWZFqSZnkdIAAFWfHV8AAAAL"]
[Thu Jan 08 13:50:14 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.210"] [uri "/nonexisten****"] [unique_id "SWZK5iZnkdIAAFgNsEUAAAAH"]
[Thu Jan 08 13:50:15 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/nonexisten****"] [unique_id "SWZK5yZnkdIAAFd1nm0AAAAD"]
[Thu Jan 08 13:50:16 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/mail/bin/msgimport"] [unique_id "SWZK6CZnkdIAAFdonlIAAAAF"]
[Thu Jan 08 13:50:16 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/bin/msgimport"] [unique_id "SWZK6CZnkdIAAFbdflEAAAAI"]
[Thu Jan 08 13:50:16 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/rc/bin/msgimport"] [unique_id "SWZK6CZnkdIAAFdmm04AAAAC"]
[Thu Jan 08 13:50:18 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.210"] [uri "/mail/bin/msgimport"] [unique_id "SWZK6iZnkdIAAFgds0UAAAAB"]
[Thu Jan 08 13:50:20 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/roundcube/bin/msgimport"] [unique_id "SWZK7CZnkdIAAFgNsEYAAAAH"]
[Thu Jan 08 13:50:23 2009] [error] [client 69.62.203.26] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.214"] [uri "/webmail/bin/msgimport"] [unique_id "SWZK7yZnkdIAAFbdflIAAAAI"]
[Thu Jan 08 14:25:01 2009] [error] [client 195.3.206.36] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^[\\d\\.]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity2/protocol_anomalies.conf"] [line "60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"] [hostname "38.103.145.210"] [uri "/nonexisten****"] [unique_id "SWZTDSZnkdIAAFyzlQYAAAAD"]
There's at least 20+ IPs scanning for Roundcube and my server isn't even that well-known. Do you think they're doing massive random scans or are they getting a list of IPs with the DA control panel somewhere?
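To see how many distinct clients are probing and which paths they try, the ModSecurity entries above can be reduced to one line per client. This is an added example, not part of the original post; the function names and the sample lines (trimmed, with documentation-range addresses) are constructed for illustration, and the match on bin/html2text.php is added because that path is named elsewhere in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): per-client summary of Roundcube
# probe requests found in ModSecurity entries of an Apache error log.

# Constructed sample lines in the format quoted above, with some tags
# trimmed. Client and host addresses come from documentation ranges.
sample_log() {
    cat <<'EOF'
[Thu Jan 08 13:27:50 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 400 (phase 2). [id "960017"] [msg "Host header is a numeric IP address"] [hostname "203.0.113.5"] [uri "/webmail/bin/msgimport"] [unique_id "constructed-1"]
[Thu Jan 08 13:27:53 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 400 (phase 2). [id "960017"] [msg "Host header is a numeric IP address"] [hostname "203.0.113.6"] [uri "/webmail/bin/msgimport"] [unique_id "constructed-2"]
[Thu Jan 08 13:50:14 2009] [error] [client 198.51.100.7] ModSecurity: Access denied with code 400 (phase 2). [id "960017"] [msg "Host header is a numeric IP address"] [hostname "203.0.113.5"] [uri "/nonexistent"] [unique_id "constructed-3"]
[Thu Jan 08 13:50:16 2009] [error] [client 198.51.100.7] ModSecurity: Access denied with code 400 (phase 2). [id "960017"] [msg "Host header is a numeric IP address"] [hostname "203.0.113.5"] [uri "/mail/bin/msgimport"] [unique_id "constructed-4"]
[Thu Jan 08 13:50:16 2009] [error] [client 198.51.100.7] ModSecurity: Access denied with code 400 (phase 2). [id "960017"] [msg "Host header is a numeric IP address"] [hostname "203.0.113.5"] [uri "/rc/bin/msgimport"] [unique_id "constructed-5"]
[Thu Jan 08 13:50:20 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 400 (phase 2). [id "960017"] [msg "Host header is a numeric IP address"] [hostname "203.0.113.5"] [uri "/roundcubemail-0.1.1/bin/html2text.php"] [unique_id "constructed-6"]
[Thu Jan 08 14:01:02 2009] [error] [client 203.0.113.9] File does not exist: /var/www/html/favicon.ico
EOF
}

# probe_summary [FILE...]
# Reads error-log lines from the files (or stdin) and prints
#   <hits> <client-ip> <comma-separated distinct probe paths>
# sorted by hit count, highest first.
probe_summary() {
    awk '
        /ModSecurity:/ && match($0, /\[client [0-9A-Fa-f.:]+\]/) {
            # Strip the leading "[client " (8 chars) and the closing bracket.
            ip = substr($0, RSTART + 8, RLENGTH - 9)
            if (!match($0, /\[uri "[^"]*"\]/)) next
            # Strip the leading [uri " (6 chars) and the closing "] (2 chars).
            uri = substr($0, RSTART + 6, RLENGTH - 8)
            # Keep only requests for the Roundcube scripts named in the thread.
            if (uri !~ /\/bin\/(msgimport|html2text\.php)$/) next
            hits[ip]++
            if (!((ip, uri) in seen)) {
                seen[ip, uri] = 1
                if (ip in paths) paths[ip] = paths[ip] "," uri
                else paths[ip] = uri
            }
        }
        END { for (ip in hits) print hits[ip], ip, paths[ip] }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a server, pass the Apache error log.
sample_log | probe_summary
```

The client count is the number of output lines, and the path list shows which install locations the scanners guess at, which is useful when deciding whether renaming the alias would have mattered.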
jlasman
01-09-2009, 08:00 PM
In a thread on webhostingtalk someone wrote that they were specifically targeting DirectAdmin servers.
Jeff
Peter Laws
01-10-2009, 02:39 AM
In a thread on webhostingtalk someone wrote that they were specifically targeting DirectAdmin servers.
I guess they probe/scan for port 2222 to find out?
psycho
01-10-2009, 06:44 AM
You don't have to be too smart to find out that roundcube is a default with directadmin, so it's easy to find and to root, because the possibility that it will have an un-patched roundcube is very high.
Peter Laws
01-10-2009, 10:10 AM
maybe change the alias (in httpd-alias.conf, if ap2), and the directory name in /var/www/html/ then change the skins too in DA - yes, a pita after every upgrade, but more safer imo...... Thats what I did to phpmyadmin.......
pucky
01-11-2009, 02:03 AM
After running this update, old custombuild we get a blank page at http://domain/roundcube. Now what? Got the same mysql error as everyone else but just a blank page now.
Also, we are not running php5
eagle
01-11-2009, 02:08 AM
In a thread on webhostingtalk someone wrote that they were specifically targeting DirectAdmin servers.
Jeff
We have a vps with a bare OS install on it, that gets hit with msgimport scans the whole day... So not just DA I think.
Any idea how I can cleanly remove roundcube completely if I have it installed, as I don't use it anymore?
pucky
01-11-2009, 03:05 AM
I just checked the cpanel forums as i find the information a bit more accurate.
This is what they said.
Are you concerned about the remote injection vulnerability in 0.2-1.alpha and 0.2-3.beta? http://www.heise-online.co.uk/securi...--/news/112330
If so, we do not use these versions. We use 0.1stable which is not affected by these issues. We'll be updating to 0.2stable in the near future
Which means I was running 0.1stable before I ran this update. Now the update has screwed up the entire installation and possibly doesn't even run on php4. I'll have to get it off another server that's still running it and reinstall it.
Nothing wrong with 0.1stable according to cpanel, so if you're still running it, keep it.
After running this update, old custombuild we get a blank page at http://domain/roundcube. Now what? Got the same mysql error as everyone else but just a blank page now.
Also, we are not running php5
Post #3 says 0.2 requires PHP5. Their wiki (http://trac.roundcube.net/wiki/Howto_Requirements) says so too...
Crusader
01-11-2009, 02:29 PM
I just checked the cpanel forums as i find the information a bit more accurate.
This is what they said.
Which means I was running 0.1stable before I ran this update. Now the update has screwed up the entire installation and possibly doesn't even run on php4. I'll have to get it off another server that's still running it and reinstall it.
Nothing wrong with 0.1stable according to cpanel, so if you're still running it, keep it.
Pretty sure I was running 0.1stable when I got hit.
empowering
01-12-2009, 07:18 AM
The build script version currently on DA's servers, 1.1.15, does not work! As others have stated, I also get this same issue. When is 1.1.16 going to be pushed to the files.directadmin.com server??
With the current build it broke roundcube on the server.
[root@server custombuild]# ./build roundcube
ls: /var/www/html/roundcube: No such file or directory
cat: /var/www/html/roundcube/index.php: No such file or directory
This instance of RoundCube is not yet configured!
Open http://url-to-roundcube/installer/ in your browser and follow the instuctions.
ERROR 1146 (42S02) at line 4 in file: 'SQL/mysql.update.sql': Table 'da_roundcube.messages' doesn't exist
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.
This update does not work and breaks roundcube.
The build script version currently on DA's servers, 1.1.15, does not work! As others have stated, I also get this same issue. When is 1.1.16 going to be pushed to the files.directadmin.com server??
With the current build it broke roundcube on the server.
[root@server custombuild]# ./build roundcube
ls: /var/www/html/roundcube: No such file or directory
cat: /var/www/html/roundcube/index.php: No such file or directory
This instance of RoundCube is not yet configured!
Open http://url-to-roundcube/installer/ in your browser and follow the instuctions.
ERROR 1146 (42S02) at line 4 in file: 'SQL/mysql.update.sql': Table 'da_roundcube.messages' doesn't exist
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.
This update does not work and breaks roundcube.
What version were you running?
I've updated using the script on almost 10 servers running 0.1, zero problems.
Yolte
01-13-2009, 12:45 AM
I have tried by custombuild version 1.1.15 and 1.1.16 but it breaks roundcube;
Shell output;
webserver:/usr/local/directadmin/custombuild# perl -pi -e 's/clean_old_webapps=no/clean_old_webapps=yes/' options.conf
webserver:/usr/local/directadmin/custombuild# ./build roundcube
cp: cannot stat `/var/www/html/roundcube/logs/*': No such file or directory
cp: cannot stat `/var/www/html/roundcube/temp/*': No such file or directory
Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/html/roundcubemail-0.2/program/include/main.inc on line 75
ERROR 1091 (42000) at line 6 in file: 'SQL/mysql.update.sql': Can't DROP 'idx'; check that column/key exists
Editing roundcube configuration...
Roundcube 0.2 has been installed successfully.
web output;
Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/html/roundcubemail-0.2/program/include/main.inc on line 74
I have tried about 20 Linux servers but all of them break roundcube.
So I have blocked roundcube by dc's firewall filter and am waiting for a solution from DA.
DirectAdmin Support
01-13-2009, 12:46 AM
I believe that's because you're using php 4.
Roundcube 0.2 requires php 5.
John
Peter Laws
01-13-2009, 02:09 AM
What you also want to think about.... is..... what does Roundcube have that others don't....
I only give my clients the webmail subdomain choice (so I choose what they use, if they need it), and remove the links from DA (apart from the top webmail link)......
I had a VPS that was hacked to death, and now I'm so paranoid with my new servers - mod_security and mod_evasive are installed
Yolte
01-13-2009, 03:35 AM
I believe that's because you're using php 4.
Roundcube 0.2 requires php 5.
John
Ok, i have updated my php4 servers by this;
http://trac.roundcube.net/browser/trunk/roundcubemail/program/lib/html2text.php?rev=2148
Okay, we were affected by this issue and in fact we had the wssh executable in our /tmp directory and it had been executed. It seemed to do some brute-force ssh attacks, but that's only as far as I found out yet.
Is there anyone who could tell me what exactly those binaries are doing?
In other words: will the box be secure by simply deleting them and plugging the hole that got them there? Of course I did some basic checking on the box (antivirus, rkhunter and such). I know you cannot fully trust a box that had once been compromised, but still I'd like to know, as I don't have time at the moment to reinstall the box.
I have been affected and as a matter of fact the hosting company disconnected the box until I could find out what happened, due to the ssh attacks.
I deleted roundcube and all the wssh files in /tmp directory and it seems that now its secure. But I would also like to find out, as tux, if this is enough.
floyd
01-13-2009, 03:44 PM
the hosting company disconnected the box
That's pretty lame. They could have easily logged in and at least stopped the attacks.
That's pretty lame. They could have easily logged in and at least stopped the attacks.
Nope, they did the right thing. It sounds like the host was not fully managing this box, so disconnecting would be the right thing to do to protect it's network at that point in time.
floyd
01-14-2009, 06:14 AM
Nope, they did the right thing.
Ok well that is your opinion and here is mine. I know I can take 2 minutes out of my day to stop a process on a customer's machine who is paying me for a dedicated server even if its not managed.
So yes my opinion is that its pretty lame. I do have my own data center so I am in the same position as other companies who have networks to protect.
Given the choice which company would you rather host with? One that is just going to disconnect you at the first sign of trouble or one that will quickly resolve the problem for you so that you don't have any down time?
I understand if its a big problem that cannot easily be fixed. But even I with my limited experience and no professional training knew how to quickly fix this particular problem. Certainly a professional data center knows how to deal this problem as well. Its certainly better than disconnecting a customer's machine.
The most they really had to do was block outgoing ssh requests from his machine. Certainly that is better than disconnecting it. And it requires the same amount of effort, even less maybe.
Yes I think its lame of them to simply disconnect his machine or maybe I should call it what it is, lazy.
Ok well that is your opinion and here is mine. I know I can take 2 minutes out of my day to stop a process on a customer's machine who is paying me for a dedicated server even if its not managed.
So yes my opinion is that its pretty lame. I do have my own data center so I am in the same position as other companies who have networks to protect.
Given the choice which company would you rather host with? One that is just going to disconnect you at the first sign of trouble or one that will quickly resolve the problem for you so that you don't have any down time?
I understand if its a big problem that cannot easily be fixed. But even I with my limited experience and no professional training knew how to quickly fix this particular problem. Certainly a professional data center knows how to deal this problem as well. Its certainly better than disconnecting a customer's machine.
The most they really had to do was block outgoing ssh requests from his machine. Certainly that is better than disconnecting it. And it requires the same amount of effort, even less maybe.
Yes I think its lame of them to simply disconnect his machine or maybe I should call it what it is, lazy.
Obviously it's my opinion, that's what a public forum is usually full of (among other things). However, I can see where you are coming from due to the fact you yourself own/run/manage/etc. a datacenter. It's far easier to bash another while making yourself look good in this scenario of what you would do. It's also far easier to unplug a cat5 than to troubleshoot a box that you are not paid to manage. I'm sure somewhere buried in their terms mentions this as does most datacenters. Of course this is case by case, so your mileage may vary.
Anyhow, back on topic with roundcube.
floyd
01-14-2009, 08:47 AM
It's also far easier to unplug a cat5 than to troubleshoot a box that you are not paid to manage.
Only if the data center has no clue what they are doing.
I am speaking of right and wrong regardless of a TOS. Unplugging the cat5 cable is either the lazy thing to do or the last resort when you cannot figure out what the problem is. If you unplug the cat5 cable the customer cannot even get in to fix the problem.
It's far easier to bash another while making yourself look good in this scenario of what you would do.
Just be clear its not what I would do. Its what I did do for dozens of my customers. And yes I will bash another company when they do the wrong thing and so should everybody. The right thing is always to help your customer when they are under an attack regardless of the TOS.
If my tenant is being robbed I am going to help regardless of whether they have actually contracted me to help them or not.
Of course this is my opinion. Other people's version of right and wrong may vary.
I agree with floyd the first step is to try to filter the attack before just pulling the plug. I would be pissed with any hosting I was paying for that just pulls the plug. And I will not host with any provider that does that. Last resort would need to be nullrouting the ip at router level.
I agree with floyd the first step is to try to filter the attack before just pulling the plug. I would be pissed with any hosting I was paying for that just pulls the plug. And I will not host with any provider that does that. Last resort would need to be nullrouting the ip at router level.
You'd be surprised how many will pull the plug first. If there's an attack happening, their best option may be to disconnect from the network then troubleshoot. If it's an easy fix, back online it goes. Of course I can see both sides of the argument and like I said, it's case by case. It all depends on your TOS etc etc etc.
Mods, feel free to split this topic a bit if we're heading off course.
jlasman
01-14-2009, 01:18 PM
Yes I think its lame of them to simply disconnect his machine or maybe I should call it what it is, lazy.
I call it GoDaddy.
They did that to a gent who is now a client of ours because we don't just disconnect servers.
Note: I have no idea if this poster uses GoDaddy or not; I'm just relating a specific experience.
Jeff
I call it GoDaddy.
They did that to a gent who is now a client of ours because we don't just disconnect servers.
Note: I have no idea if this poster uses GoDaddy or not; I'm just relating a specific experience.
Jeff
Lol, do people actually consider Godaddy anything but a cheap registrar?
floyd
01-14-2009, 01:20 PM
I admit sometimes I have had to pull the plug too. But then I don't email the customer and say "Sorry, I had to pull the plug on your machine. Good luck fixing it." No, I go in myself to figure out what's wrong so I can get it back online. From what hik said they pulled the plug without giving him a way to look at the machine remotely. That would suck if you were 3000 miles away from the data center.
jlasman
01-14-2009, 01:28 PM
We actually give the client the choice; even without full management the client can ask us to (at our usual rate) work on his server in an emergency.
From what hik said they pulled the plug without giving him a way to look at the machine remotely
Sounds more like GoDaddy by the minute. But I believe GoDaddy only offers Plesk, so it's probably someone else.
Jeff
focuz
01-16-2009, 07:59 AM
On a machine running:
* Fedora Core 6
* CustomApache
I executed:
cd /usr/local/directadmin/scripts
wget -O roundcube.sh http://files.directadmin.com/services/all/roundcube.sh
./roundcube.sh
And got the following error on the last command:
cp: cannot stat `/var/www/html/roundcube/temp/*': No such file or directory
ERROR 1142 (42000) at line 6 in file: 'SQL/mysql.update.sql': ALTER command denied to user 'da_roundcube'@'localhost' for table 'messages'
Editing roundcube configuration...
Roundcube has been installed successfully.
I will ignore this error.
mkniskanen
01-17-2009, 04:04 AM
I have been affected and as a matter of fact the hosting company disconnected the box until I could find out what happened, due to the ssh attacks.
Just a hint: we started using a non-standard SSH port number several years ago and I have not seen an SSH breaking attempt ever since. Everybody using the server must, of course, know this and all SSH-using utilities from outside (rsync etc) must be reconfigured to use the port. In most cases this is not a problem at all.
I understand, though, that this is not possible in all cases.
floyd
01-17-2009, 05:59 AM
That will protect you from standard incoming ssh attacks but that has nothing to do with this thread really. The ssh attacks mentioned in your quote were outgoing and changing your port is not going to affect ssh attacks going out from your machine. You would need to block the destination port 22 in the OUTPUT chain in iptables.
uollan
01-18-2009, 06:07 AM
I've updated roundcube for the security issues.
I can't login anymore!
Any idea?
We suggest regular updates with "clean_old_webapps=yes" set in your options.conf file. DA doesn't automatically update things that require a service to be taken down and compiled. However the custombuild system makes this pretty simple.
What exactly does "clean_old_webapps=yes" do?
Matt
Peter Laws
01-19-2009, 04:01 PM
What exactly does "clean_old_webapps=yes" do?
Matt
Deletes previous installs
Deletes previous installs
Is this relatively safe? Can it tar them up first just in case?
Matt
youds
01-23-2009, 07:18 AM
After giving RoundCube a raving review, I updated and now can't send emails with it! Typical..
[23-Jan-2009 14:15:50 +0000] SMTP Error: SMTP error: Authentication failure: Invalid response code received from server (Code: 454) in /var/www/html/roundcubemail-0.2/program/steps/mail/func.inc on line 1248 (POST /roundcube/?_task=mail&_action=send)
Running latest custombuild with IMAP/Dovecot/SpamAssassin
You have something misconfigured. Make sure you didn't enable ssl in the roundcube config.
Internet54
02-09-2009, 09:21 PM
I can send emails but now my RC has added
INDEX.sent
INDEX.spam
I can send emails, but the email doesn't show in the sent folder. It just vanishes.
Any way to fix this? It worked PERFECTLY before this update.
smtalk
02-10-2009, 02:15 AM
Check your folders configuration in RoundCube settings.
johny_gjx
02-11-2009, 05:45 AM
I suggest creating another forum just down "Official DirectAdmin Announcements" called "DirectAdmin Announcements and Discussions" and actually lock the main topic made by DA Support each time there is an announcement and leave the discussion to there, this way people may remain subscribed to the main Announcements forum without receiving mail related to the discussions related to that.
Just a suggestion :D
jlasman
02-11-2009, 11:06 AM
I suppose I can figure out how to make sure only certain logins can post to Official DirectAdmin Announcements and move the discussions on all current topics to the new discussion.
I don't believe there's a way to post replies to a new forum though, so people would have to intelligently name new threads.
I'm awaiting DA Staff approval (and time).
Jeff
pcjunky
02-18-2009, 10:32 AM
if you are using DirectAdmin with the old customapache, please do this:
Code:
cd /usr/local/directadmin/scripts
wget -O roundcube.sh http://files.directadmin.com/services/all/roundcube.sh
./roundcube.sh
rm -rf /var/www/html/roundcubemail-0.1*
I did this and now I get
Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/html/roundcubemail-0.2/program/include/main.inc on line 74
smtalk
02-18-2009, 10:46 AM
pcjunky, you need to update PHP: Note: Roundcube 0.2 requires php 5.
dilter
03-01-2009, 07:13 AM
is there a way to disable roundcube?
I don't use it so it would be easier for me just to disable it.
tnx
Running on debian
Crusader
03-01-2009, 01:15 PM
Just delete the roundcube folder in your /var/www
snowweb
03-05-2009, 09:05 PM
Last night at midnight httpd terminated unexpectedly and wouldn't restart. After restarting the VPS container httpd restarted ok. However, I couldn't see anything abnormal in the logs but thought I should update to the latest DA anyway, just to be safe. The update appeared to go without error, however, Roundcube has been disabled by DA without it asking my permission first, which I would not have agreed to until I had gathered the information required to fix and re-enable it :(
We now have customers calling us to inform us that the webmail appears to be down.
Also after the upgrade, I got a message from the Message System, saying:
Roundcube version 0.1 has been found your system.
The locations on disk are within /var/www/html in the folder(s):
/var/www/html/roundcubemail-0.1.1
These locations have been disabled by means of chmod to 0 for security reasons.
Please update roundcube to 0.2 or higher and remove any old versions.
http://www.directadmin.com/forum/showthread.php?t=29240
Related: http://help.directadmin.com/item.php?id=247
I've followed the link to this thread and read all the posts here, however, I'm still at a loss for what procedure needs to be followed.
If you are using DirectAdmin with the old customapache, please do this:
How can I tell if I'm using "the old customapache"?
However, we suggest updating to the newer custombuild. For those with custombuild:
How can I determine whether we have "custombuild"?
Thanks in advance. (by the way, couldn't spot any differences with the newer version of DA (upgraded from 1.32), I hope it was worth it!).
Kind regards,
peter
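The check described in the Message System notice quoted above (find Roundcube trees older than 0.2 and see whether they were disabled with chmod 0) can be repeated by hand. This is an added example, not part of the original post and not DirectAdmin's own script; the function names are assumptions, and the roundcubemail-<version> directory naming is taken from the paths shown in this thread.

```shell
#!/bin/sh
# Added example: list Roundcube trees older than a minimum version.
# Assumes the roundcubemail-<version> directory naming seen in this thread.

# version_lt A B: succeed when dotted version A sorts strictly before B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# scan_old_roundcube WEBROOT [MIN_VERSION]
# Prints "<path> <version> <octal mode>" for every tree below MIN_VERSION
# (default 0.2). Mode 0 means the tree was already disabled with chmod.
scan_old_roundcube() {
    webroot=$1
    min=${2:-0.2}
    for dir in "$webroot"/roundcubemail-*; do
        [ -d "$dir" ] || continue      # also skips an unmatched glob
        ver=${dir##*/roundcubemail-}
        case $ver in
            [0-9]*) ;;                 # looks like a version number
            *) continue ;;
        esac
        if version_lt "$ver" "$min"; then
            # GNU stat first, BSD stat as fallback
            mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
            printf '%s %s %s\n' "$dir" "$ver" "$mode"
        fi
    done
}

# Constructed demo tree (not a real server): a 0.1.1 tree disabled with
# chmod 0, plus 0.2 and 0.2.1 trees that must not be reported.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/roundcubemail-0.1.1" "$root/roundcubemail-0.2" \
          "$root/roundcubemail-0.2.1"
    chmod 0 "$root/roundcubemail-0.1.1"
    scan_old_roundcube "$root"
    chmod 700 "$root/roundcubemail-0.1.1"
    rm -rf "$root"
}

demo
```

On a real server the call would be `scan_old_roundcube /var/www/html`; any tree it lists with a mode other than 0 is an old copy that is still reachable.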
Dravu
03-05-2009, 10:18 PM
Last night at midnight httpd terminated unexpectedly and wouldn't restart. After restarting the VPS container httpd restarted ok. However, I couldn't see anything abnormal in the logs but thought I should update to the latest DA anyway, just to be safe. The update appeared to go without error, however, Roundcube has been disabled by DA without it asking my permission first, which I would not have agreed to until I had gathered the information required to fix and re-enable it :(
We now have customers calling us to inform us that the webmail appears to be down.
Also after the upgrade, I got a message from the Message System, saying:
I've followed the link to this thread and read all the posts here, however, I'm still at a loss for what procedure needs to be followed.
How can I tell if I'm using "the old customapache"?
How can I determine whether we have "custombuild"?
Thanks in advance. (by the way, couldn't spot any differences with the newer version of DA (upgraded from 1.32), I hope it was worth it!).
Kind regards,
peter
Just use the first method if you're not sure. It'll work in either case.
snowweb
03-05-2009, 10:41 PM
Just use the first method if you're not sure. It'll work in either case.
Thanks buddy. Seems to have done it for me :)
All good now. Tnx.
pete
jvandenbroek
03-06-2009, 01:22 AM
I can send emails but now my RC has added
INDEX.sent
INDEX.spam
I can send emails, but the email doesn't show in the sent folder. It just vanishes.
Any way to fix this? It worked PERFECTLY before this update.
I've got the same problem, since the upgrade Sent messages disappear but will arrive. How to fix this? Thanks.
Zervun
03-11-2009, 10:05 AM
I've got the same problem, since the upgrade Sent messages disappear but will arrive. How to fix this? Thanks.
I'm having this issue as well, also deleting emails doesn't send them to the trash folder
Zervun
03-11-2009, 10:08 AM
I'm having this issue as well, also deleting emails doesn't send them to the trash folder
Actually I fixed my problem, in roundcube settings if you go to "special folders" and specify them there they will work correctly
jvandenbroek
03-12-2009, 02:47 AM
Actually I fixed my problem, in roundcube settings if you go to "special folders" and specify them there they will work correctly
Thanks, Sent wasn't set indeed. I'd like to know if it's possible to set this system-wide?
I have php4 on my machine and php5 via suphp. However dropping the usual addhandler into .htaccess in the RC2 folder I can't get it to go, it complains of not being able to access the DB, although the details in the DB are right.
Try applying: http://trac.roundcube.net/changeset/2148
I've done this, does this mean my RC1 install is okay? That file has not been updated since 08/08/07 ??
Updated roundcube successfully but today after a week without problems again apache stopped working. In my error_log I only find
[Tue Mar 31 21:43:55 2009] [error] [client 80.86.101.235] File does not exist: /var/www/html/roundcubemail-2
[Tue Mar 31 21:43:55 2009] [error] [client 80.86.101.235] File does not exist: /var/www/html/404.shtml
[Tue Mar 31 21:43:55 2009] [error] [client 80.86.101.235] File does not exist: /home/admin/domains/sharedip/roundcubemail-2
[Tue Mar 31 21:43:55 2009] [error] [client 80.86.101.235] File does not exist: /home/admin/domains/sharedip/404.shtml
[Tue Mar 31 21:43:55 2009] [error] [client 80.86.101.235] File does not exist: /home/admin/domains/sharedip/roundcubemail-2
[Tue Mar 31 21:43:55 2009] [error] [client 80.86.101.235] File does not exist: /home/admin/domains/sharedip/404.shtml
[Tue Mar 31 21:43:55 2009] [error] [client 80.86.101.235] File does not exist: /home/admin/domains/sharedip/roundcubemail-2
[Tue Mar 31 21:43:55 2009] [error] [client 80.86.101.235] File does not exist: /home/admin/domains/sharedip/404.shtml
IPaddress
04-01-2009, 09:23 AM
I updated the roundcube successfully. However, when I try to use it I get this message:
"Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/html/roundcubemail-0.2.1/program/include/main.inc on line 74"
As someone said before, the problem is that roundcube is using PHP4.
I already have PHP5 installed, how can I tell roundcube to use PHP5? Where can I change that?
Someone told me that I should change the PHP version that the "admin" user is using, but I can't, because there's no domain registered to the admin account.
Please help me!
Thanks in advance.
Bye!
PS: Sorry for my poor English, I'm from Argentina.
smtalk
04-01-2009, 11:05 AM
Edit /var/www/html/roundcube/.htaccess file and set PHP5 to be the default one.
IPaddress
04-03-2009, 07:17 AM
How can I do that?
My "/var/www/html/roundcube/.htaccess":
-------------------------------------------------------------------
# AddDefaultCharset UTF-8
AddType text/x-component .htc
<IfModule mod_php5.c>
php_flag display_errors Off
php_flag log_errors On
php_value error_log logs/errors
php_value upload_max_filesize 5M
php_value post_max_size 6M
php_value memory_limit 64M
php_value zlib.output_compression 0
php_value magic_quotes_gpc 0
php_value zend.ze1_compatibility_mode 0
php_value session.auto_start 0
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
# http://bugs.php.net/bug.php?id=30766
php_value mbstring.func_overload 0
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^favicon.ico$ skins/default/images/favicon.ico
</IfModule>
Order deny,allow
Allow from all
-------------------------------------------------------------------
Bye!
EDIT:
Sorry, but I read in "http://trac.roundcube.net/ticket/1485118" that I must have apache v 1.4.13+ to use Roundcube 0.2.
However I'm running Apache 1.3.37, so maybe that's my problem. Is there a way to make it work?
jlasman
04-03-2009, 01:44 PM
Update apache? Ask for support on a Roundcube forum?
Jeff
Last night at midnight httpd terminated unexpectedly and wouldn't restart. After restarting the VPS container httpd restarted ok. However, I couldn't see anything abnormal in the logs but thought I should update to the latest DA anyway, just to be safe.
For the record, this is EXACTLY what happened to me twice, a few days ago and a week ago on my DirectAdmin VPS (httpd crashed and was not restartable until reboot).
I also found my /var/logs/secure log file had grown to 236MB and contained evidence of a brute force attempt to gain SSH access.
I've upgraded roundcube now but I found a few nasty looking files in /tmp and am trying to get to the bottom of this now to see what damage might have been done.
shae marks
05-17-2009, 09:18 PM
Hi, I'm not a pro at this type of thing and I've only had InterWorx for a week or so now, but I love RoundCube so much that I was compelled to figure out how to integrate it into the webmail-chooser and make it accessible server-wide.
I was nearly successful at integrating it right within the /home/interworx/lib area (where horde and squirrelmail are located) but unfortunately the iworx copy of php is too old for the latest stable version of roundcube (which requires php 5.2 or higher).
However, as I did say I was successful, I managed to get it working from within one of my SiteWorx accounts (but that is completely transparent to the user). I am not sure if it's possible to update iworx php, and I didn't want to try, so I updated the server-copy of php to allow the latest RoundCube to work.
Anyway here's how to get RoundCube working server wide and integrate it within the webmail chooser. Legend: mysite.com = a domain in one of your SiteWorx accounts where roundcube is installed. anydomain.com = any other domains on the server, within other SiteWorx accounts. I take no responsibility if anything bad comes from this guide! Also, future interworx updates may undo these changes - so keep that in mind.
shae marks (http://mielofon.com/model/shae_marks)
hostpc.com
05-17-2009, 09:21 PM
If you're using InterWorx, why are you commenting on a Directadmin upgrade? I'm confused, they're two entirely different control panels
:confused:
Randy
09-07-2009, 06:36 AM
And we have the 0.3 version released...
Seems they still did not fix the imap issues. Takes 45 secs to login still... lame. Only webmail client with that problem.