RoundCube Web-Mail Email Vulnerability: Exposed!

By -

Are you a webmaster, having a domain and website running, or do you plan to create new websites, with e-mail features and such in near future? Well, this article is for you, then. The following piece of article concentrates on a web-based email client's vulnerability. The email client is none other that RoundCube- one of the most popular email clients webmasters use today. Did you know that RoundCube's vulnerability reveals sensitive, confidential and important data about the domain, highly risking it's security? Read on to get a better grasp of what I am trying to say. 

The following short technique I am going to expose gains a hacker access to a site's Webmail log-in page, which is usually almost impossible to stumble upon. Moreover, the RoundCube application's login page is stored externally on the FTP server- and it contains the port number which the site is using for sending e-mails. Port numbers are crucial in black hat hacking. Most sites provide a e-mail address to contact them, which is specified in their site. And once the hacker knows the domain owner uses RoundCube, it makes the task 50 percent easier for him to complete. 

There are 2 steps to do it. One, hackers e-mail random sites that mention a contact address with a Lorem Ipsum (or any other text) and link a Blogger-powered blog at the signature. There is a high probability that the site owner will check the email and open the link. Those who use RoundCube leave a highly valuable information to the site it opens. About a week after emailing websites, the hacker opens his Blogger blog, goes to Stats > Traffic sources (in the Blogger Dashboard) and checks the links. Since it's the RoundCube users who opened his link, Blogger displays the data from where traffic is coming in this format: 

http://www.domain.com:(Port number)/3rdparty/roundcube 
Now the hacker has access to the site's log-in page. The hacker now fills in the Username with the email address provided by the site and then brute-forces the password. If a domain owner uses weak password, chances are his email will get hacked. 

For the not-so-experienced hackers and those who don't want to wait so long, there is another way. The lazy hackers Google for data. What? Yes! Google indexes a number of WebMail login pages in their index which can be retrieved by searching Google with the following code: 

inurl:3rdparty/roundcube 
Google will now begin to show up all those unlucky WebMail pages whose owners forgot to place a No-index code in their HTML pages. A hacker will click the link, visit the main index page (Home page) and hunt for the e-mail. As I stated, most sites specify their email address. The hacker copies the email and follows the last step which the Experienced hackers also follow- Brute force. This is the last step for hacking the e-mail. 

This was how hackers hack email of domains which uses RoundCube WebMail. Don't use RoundCube- take my advice. If you already did, delete and ban RoundCube files in your server. I hope people won't commit this mistake that hundreds of thousand other people are doing. Stay safe, stay alert. 

Comments

Post a Comment

Popular posts from this blog

Being a Good Class Monitor: The Dummy's Guide!

By -
Image
So students, every year there are two monitors selected from your class, right? I'm writing this article from my past experiences. This is practiced in most schools. All monitors/leaders are generally the "best boy" of the class/school (in discipline), or maybe the highest academic scorer (Well, the criteria does vary from school to school- I have written the common practice) . Observing leaders and captains from various schools, I have come to a conclusion and just decided to publish this article, as a guide. Being a leader is not that easy. One has to be taking the responsibility of his/her whole class, or perhaps, the entire school. Being a leader demands a lot from us. Some random quotes are: “Innovation distinguishes between a leader and a follower.” -Steve Jobs, Apple co-founder “Leadership and learning are indispensable to each other.” -John F. Kennedy “The pessimist complains about the wind. The optimist expects it to change. The leader adjust
Read more

Nature v/s Nurture: What Shapes our Personality?

By -
Image
The topic "Nature v/s Nurture: What Shapes our Personality?" has been a controversial and a debatable topic since four hundred years ago when Shakespeare, in “The Tempest” mentioned about these two aspects of our lives. Between the tussle amongst Nurture and Nature, nurture plays the more important role in shaping our personalities. I will be sharing my view for the nurture side, as I am a firm believer of this fact myself. Shakespeare first introduced to us the Nature v/s Nurture debate four hundred years ago, in his literary play known as "The Tempest".  What actually is nurture? Nurture in the sense of this debate is the ideology that the environment in which a child grows up determines his personality, and not by inherited genes or characteristics, i.e. nature. According to a popular theory backed by psychologists, every one of us is born with a blank slate or “Tabula Rasa”. It means that who we are is determined by what we learn and observe. A very go
Read more

Top 10 reasons students use as a reason for being absent- which are actually false!

By -
Image
If you are a teacher, a staff, or a principal of any school, this article is for you. Students take leave for various reasons- fever, holiday picnic, etc. There are some students, who, in the name of these excuses do not attend school, and instead, doze at home. The IIS India team has compiled a list of 'Top 10 reasons Students use for being absent' for you. Don't worry students- there is something called "luck" that determines whether you get caught for using a fake reason! #10 : Let me start with the number 10. The number 10 is a 10 upon 10 if you judge the quality of the excuse, LOL. The reason is-" The last train/bus for reaching school had departed before I reached the station/bus stand " Seems a bit funny, right? Yes, it is. This is "just a bit popular" among students, so this becomes the #10 excuse! #9 : Next comes 9, after 10. The reason number 9 is increasingly becoming popular , as students get more creative and search f
Read more