Menu
▾
▴
Re: [SM-DEVEL] [SM-ADMIN] [SM-USERS] [SM-ANNOUNCE] SECURITY: SquirrelMail Web Server Status, and Plugins Update
|
From: Jon A. <jo...@sq...> - 2009-08-01 18:41:41
|
SquirrelMail Email List wrote: > Jon, > > Thanks for your hard work. Is there a way to check our code that is on our > servers so we can check to see if we do have "Compromised" code. If it is > compromised we need to have our users change passwords. Absolutely. If you check the setup.php file of the mentioned plugins, you will see something like: eval(base64_decode( This is followed by a base64 encoded string, which contains several PHP commands to disable error handling, then send an email. -- Jon Angliss <jo...@sq...> |