SECURITY: SquirrelMail Web Server Status, and Plugins Update

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> We apologies for the extended downtime for the SquirrelMail plugins
> repository, and some of the SquirrelMail site documentation.
> Unfortunately due to conflicting time schedules, and some
> miss-communications amongst the team (mostly my fault), the server
> was unavailable for an extended length of time.
>
> Server Status
> - -------------
> This evening, after an extended downtime, we finally rolled to using
> the new server.  XS4All.nl were gracious in loaning us an additional
> server whilst we migrated our data, to the new server.  All
> documentation should now be online again, and active.  If you notice
> any issues with the site, please feel free to email me directly,
> I'll get onto it as soon as I can.
>
> Plugins Compromise
> - ------------------
> During the initial announcement, we'd mentioned that we did not
> believe that any of the plugins had been compromised.  Further
> investigation has shown that the following plugins were indeed
> compromised:
>
>   - sasql-3.2.0
>   - multilogin-2.4-1.2.9
>   - change_pass-3.0-1.4.0
>
> Parts of these code changes attempts to send mail to an offsite
> server containing passwords.  We cannot establish a timeline of when
> these plugins were compromised.  If you are a user of these plugins,
> it is strongly recommended you download a fresh copy from the
> plugins repository.  MD5s for the good versions are below:
>
> a492922e5b0d2245d4e9bc255a7c5755  sasql-3.2.0.tar.gz
> b143f2dc82f9e98dd43c632855255075  multilogin-2.4-1.2.9.tar.gz
> 2cff7c5d4f6f5d8455683bb5d96bb9fe  change_pass-3.0-1.4.0.tar.gz
>
>
> Plugins Availability
> - --------------------
> As of now, the plugins are available to download again.  I
> personally apologies for the extended outage of this, as I know some
> of you have been eager to get these back up and running again.  Once
> again, if you notice any issues with the site, feel free to email.
>
>
> - --
> Jon Angliss
> <jon@...>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkpydjMACgkQK4PoFPj9H3PXcQCgjKcpMMV4Whra4iRANBkr2Heg
> 6rcAoJ4CDtSwI9/E1lTtcsxaUf9QS9BK
> =qs+a
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> -----
> squirrelmail-plugins mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: squirrelmail-plugins@...
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.plugins
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-plugins
>  

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> We apologies for the extended downtime for the SquirrelMail plugins
> repository, and some of the SquirrelMail site documentation.
> Unfortunately due to conflicting time schedules, and some
> miss-communications amongst the team (mostly my fault), the server
> was unavailable for an extended length of time.
>
> Server Status
> - -------------
> This evening, after an extended downtime, we finally rolled to using
> the new server.  XS4All.nl were gracious in loaning us an additional
> server whilst we migrated our data, to the new server.  All
> documentation should now be online again, and active.  If you notice
> any issues with the site, please feel free to email me directly,
> I'll get onto it as soon as I can.
>
> Plugins Compromise
> - ------------------
> During the initial announcement, we'd mentioned that we did not
> believe that any of the plugins had been compromised.  Further
> investigation has shown that the following plugins were indeed
> compromised:
>
>  - sasql-3.2.0
>  - multilogin-2.4-1.2.9
>  - change_pass-3.0-1.4.0
>
> Parts of these code changes attempts to send mail to an offsite
> server containing passwords.  We cannot establish a timeline of when
> these plugins were compromised.  If you are a user of these plugins,
> it is strongly recommended you download a fresh copy from the
> plugins repository.  MD5s for the good versions are below:
>
> a492922e5b0d2245d4e9bc255a7c5755  sasql-3.2.0.tar.gz
> b143f2dc82f9e98dd43c632855255075  multilogin-2.4-1.2.9.tar.gz
> 2cff7c5d4f6f5d8455683bb5d96bb9fe  change_pass-3.0-1.4.0.tar.gz
>
>
> Plugins Availability
> - --------------------
> As of now, the plugins are available to download again.  I
> personally apologies for the extended outage of this, as I know some
> of you have been eager to get these back up and running again.  Once
> again, if you notice any issues with the site, feel free to email.
>
>
> - --
> Jon Angliss
> <jon@...>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkpydjMACgkQK4PoFPj9H3PXcQCgjKcpMMV4Whra4iRANBkr2Heg
> 6rcAoJ4CDtSwI9/E1lTtcsxaUf9QS9BK
> =qs+a
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> --
> squirrelmail-announce mailing list
> List Address: squirrelmail-announce@...
> List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-announce
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: squirrelmail-users@...
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>

> Thanks again,
>
> Ken
>
>
> On Thu, 30 Jul 2009, Jon Angliss wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> All,
>>
>> We apologies for the extended downtime for the SquirrelMail plugins
>> repository, and some of the SquirrelMail site documentation.
>> Unfortunately due to conflicting time schedules, and some
>> miss-communications amongst the team (mostly my fault), the server
>> was unavailable for an extended length of time.
>>
>> Server Status
>> - -------------
>> This evening, after an extended downtime, we finally rolled to using
>> the new server.  XS4All.nl were gracious in loaning us an additional
>> server whilst we migrated our data, to the new server.  All
>> documentation should now be online again, and active.  If you notice
>> any issues with the site, please feel free to email me directly,
>> I'll get onto it as soon as I can.
>>
>> Plugins Compromise
>> - ------------------
>> During the initial announcement, we'd mentioned that we did not
>> believe that any of the plugins had been compromised.  Further
>> investigation has shown that the following plugins were indeed
>> compromised:
>>
>>  - sasql-3.2.0
>>  - multilogin-2.4-1.2.9
>>  - change_pass-3.0-1.4.0
>>
>> Parts of these code changes attempts to send mail to an offsite
>> server containing passwords.  We cannot establish a timeline of when
>> these plugins were compromised.  If you are a user of these plugins,
>> it is strongly recommended you download a fresh copy from the
>> plugins repository.  MD5s for the good versions are below:
>>
>> a492922e5b0d2245d4e9bc255a7c5755  sasql-3.2.0.tar.gz
>> b143f2dc82f9e98dd43c632855255075  multilogin-2.4-1.2.9.tar.gz
>> 2cff7c5d4f6f5d8455683bb5d96bb9fe  change_pass-3.0-1.4.0.tar.gz
>>
>>
>> Plugins Availability
>> - --------------------
>> As of now, the plugins are available to download again.  I
>> personally apologies for the extended outage of this, as I know some
>> of you have been eager to get these back up and running again.  Once
>> again, if you notice any issues with the site, feel free to email.

> SquirrelMail Email List wrote:
>> Jon,
>>
>> Thanks for your hard work. Is there a way to check our code that is on our
>> servers so we can check to see if we do have "Compromised" code. If it is
>> compromised we need to have our users change passwords.
>
> Absolutely.  If you check the setup.php file of the mentioned
> plugins, you will see something like:
>
>  eval(base64_decode(
>
> This is followed by a base64 encoded string, which contains several
> PHP commands to disable error handling, then send an email.
>
> --
> Jon Angliss
> <jon@...>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> -----
> squirrelmail-plugins mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: squirrelmail-plugins@...
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.plugins
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-plugins
>