FYI. I just had all of the squirrelmail prefs for all the users on one of my servers disappear. I have never had anything like this happen ever before. I'm in the process of finding the needle in the haystack of logs to try to get a handle on this. I'm sending this to the list as a heads up. Seems like Squirrelmail is not doing so good here over the last few months.
John Hinton
On Mon, February 9, 2009 5:14 pm, John Hinton wrote:
FYI. I just had all of the squirrelmail prefs for all the users on one of my servers disappear. I have never had anything like this happen ever before.
I have seen this couple of times several years ago (more than 3) with an older version of SquirrelMail, but not since then. Which version are you running?
Marko A. Jennings wrote:
On Mon, February 9, 2009 5:14 pm, John Hinton wrote:
FYI. I just had all of the squirrelmail prefs for all the users on one of my servers disappear. I have never had anything like this happen ever before.
I have seen this couple of times several years ago (more than 3) with an older version of SquirrelMail, but not since then. Which version are you running?
This is the latest CentOS 4.X SquirrelMail update release. Standard install during the server build, so it's absolutely stock.
Looks like I found a user accessing it during the time the prefs all disappeared. It was a legit user. Directory change time is only in day minute... so I can't get down to the second it changed.
We don't have a lot of users using it, but for those that do....
Thanks, John Hinton
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
John Hinton wrote:
Marko A. Jennings wrote:
On Mon, February 9, 2009 5:14 pm, John Hinton wrote:
FYI. I just had all of the squirrelmail prefs for all the users on one of my servers disappear. I have never had anything like this happen ever before.
I have seen this couple of times several years ago (more than 3) with an older version of SquirrelMail, but not since then. Which version are you running?
This is the latest CentOS 4.X SquirrelMail update release. Standard install during the server build, so it's absolutely stock.
Looks like I found a user accessing it during the time the prefs all disappeared. It was a legit user. Directory change time is only in day minute... so I can't get down to the second it changed.
We don't have a lot of users using it, but for those that do....
Thanks, John Hinton
OK, this was a php injection via another program. SM has had so many weirdnesses lately and as it was the first to show a problem... I laid blame in the wrong place. Meanwhile... off to clean house. :(
John Hinton
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, 09 Feb 2009, John Hinton wrote:
FYI. I just had all of the squirrelmail prefs for all the users on one of my servers disappear. I have never had anything like this happen ever before. I'm in the process of finding the needle in the haystack of logs to try to get a handle on this. I'm sending this to the list as a heads up. Seems like Squirrelmail is not doing so good here over the last few months.
Please provide evidence before implicating SquirrelMail.
Sahil Tandon wrote:
On Mon, 09 Feb 2009, John Hinton wrote:
FYI. I just had all of the squirrelmail prefs for all the users on one of my servers disappear. I have never had anything like this happen ever before. I'm in the process of finding the needle in the haystack of logs to try to get a handle on this. I'm sending this to the list as a heads up. Seems like Squirrelmail is not doing so good here over the last few months.
Please provide evidence before implicating SquirrelMail.
Right. Sorry. The thing is I looked in the prefs directory and it was totally empty. I forgot that these files were all owned by apache. The real trouble was a header injection through a cms. Really nasty of them to bother with dumping SM prefs. That the worst damage I've found so far after getting stuff cleaned up.... or sort of cleaned up. Unfortunately, since I do the standard SM install, the prefs are in the user directories which are backed up and I hadn't thought to backup SM prefs. Fortunately, we don't have a lot of users that rely on SM.
I made a bad immediate call. It was done in case others wanted to backup the prefs in case it was actually SM.
Now to figure out a best way to create new prefs files for the scads of users on this server. :(
John Hinton
-
John Hinton -
Marko A. Jennings -
Sahil Tandon