Horde Webmail Disabled

[dmolavi]

will the other clients offered still have our inbox/sent mail folders? basically, do all the clients you offer share the same mail directories?

[quietFinn]

Quote:

Originally Posted by gtgeorge

For those on dedicated servers I have two questions:

1: What steps should we take if we want to disable access to Horde and prevent the exploit?

http://forums.hostgator.com/showthread.php?t=28936

Quote:

Originally Posted by gtgeorge

2: Will we receive instructions to implement the same "fix" when HG has it sorted?

I can't give an official answer, but I am 100% sure we get the instructions.

[tek2dev]

If it is going to be down for an undetermined amount of time then it would be very helpful if you could export the address books over to squirrel or round cube. That way our clients won't be as mad at us at they are getting right now.

[dashaver]

I would like to repeat and second the question by tek2dev Any ideas on what we can do about the address book?

[snailguy]

I'd would like to second the idea of getting address books over to squirrelmail/roundcube, as my users are adrift without them until this is fixed.

Thanks for being on the ball HG!

[tek2dev]

My clients would be happy to just get there address book switched over.

Of course they would like to have their old email but for right now can you get the address books over to the others??????????

[kmaw]

Quote:

Originally Posted by tek2dev

Of course they would like to have their old email but for right now can you get the address books over to the others??????????

Email is the same in any of the webmail programs. Only address books and Horde settings are missing.

[tek2dev]

And that is what my clients want back the most is their address book. Plus according to the plan HG is suppose to be running backups, if so they can get the address books.

[DarkSorrow]

Quote:

Originally Posted by GatorMary

Hello,

We are investigating a potentially previously unknown and undocumented security issue in Horde Webmail. During this investigation, the program will not be available for use on all of our shared and reseller servers. There is no estimated completion time for this investigation at the moment, but we will keep you informed in this thread. Please use the other webmail programs, squirrel mail and round cube are still available.

Thank you for your understanding,

Mary Wior
HostGator Network Security

How does one disable it on a Dedicated server?

[Sam]

Quote:

Originally Posted by Defiance

How does one disable it on a Dedicated server?

http://forums.hostgator.com/showthread.php?t=28936

[GvilleRick]

There is a post in the dedicated linux server section of the forums that gives a shell command to disable Horde. You can find the post here.

[GatorBrent]

The rest of the world is now starting to disable horde on their servers due to us contacting cpanel and a bunch of the major hosts we know. I just got off the phone with cpanel and they are releasing a patch for everyone this very moment.

Once we review the patch and are 100% sure this root exploit has been stopped we will then enable horde. This isn't actually a cpanel problem so much as an issue with horde. It affects any server running horde, but it's cpanel's problem because the majority of their licenses have horde enabled.

[mpantoja]

Proactive. Great.

But couldn't you have included a link back to the webmail main page? All of my clients are using Horde (at my recommendation) and now they seem to think that they can't get webmail *at all*. So I have to personally consult with each of them to tell them to go to theirdomain.com/webmail.

As a shortcut (and for simplicity), I've set up all of my clients with a redirect to jump to Horde rather than the webmail main page (cuts out a step or two).

Please, please just add a link or a redirect.

[jaenosjelantru]

I just thought I would post some verbiage here I sent to my clients. Some of you may need to use it in case you want to inform yours:


Dear Client-

There was a security vulnerability detected with the Horde webmail service which is very severe. Nothing harmful was done because corrective action was taken in time and this does not affect your computer in any way. The horde webmail application was disabled and will remain disabled until the problem can be resolved, which should be within days. A patch that fixes the exploit has already been developed. If you do not use webmail or email on your server at all, please disregard this notice.


I wanted to update those of you who may or may not know how to get to your email using another email application. Most of you probably don’t even use webmail but for those who do, you may still retrieve and send mails in the meantime using another program. If you currently use Horde, login to your webmail using the same credentials as normal except navigate here:

http://yourdomainname.com/webmail

Obviously, you will want to replace yourdomainname.com with your actual domain name. You will notice that horde is disabled but you can use Squirrel mail or round cube. I like horde the best, followed by round cube. With round cube, you must manually retrieve your mail, much like hitting the refresh, by using the little green arrow over the envelope, then select your inbox from the folder list on the left.

I apologize for any inconvenience this has caused. Please feel free to call me if you have any questions or concerns.


love and kisses... steven

[jaenosjelantru]

By the way, thanks for being proactive on this and for letting us know right away. I just started getting emails and calls from my "hair is on fire cause I can't get to my email" clients.

I appreciate the speedy work as usual HG!

[GatorBrent]

Cpanel has sent this out jut now....


"An arbitrary file inclusion vulnerability has been discovered in the Horde
webmail application. At present, we can confirm that this security
vulnerability in question affects Horde 3.1.6 and earlier. Based on
incomplete information at this time, we also believe this affects Horde
Groupware 1.0.4 and earlier as well (cPanel does not use Horde Groupware
at this time).

cPanel customers should update their cPanel and WHM servers immediately to
prevent any chance of compromise. The patch will be available in builds
11.18.2 and greater (or 11.19.2 and greater for EDGE systems). The updated
builds will be available immediately to all fast update servers. The
builds will be available to all other update servers within one hour of
this posting.


To check which version of cPanel and WHM is on your server, simply log
into WebHost Manager (WHM) and look in the top right corner, or execute
the following command from the command line as root:

/usr/local/cpanel/cpanel -V

You can upgrade your server by navigating to 'cPanel' -> 'Upgrade to
Latest Version' in WebHost Manager or by executing the following from the
command line as root:

/scripts/upcp


It is recommended that all use of Horde 3.1.6 and earlier be stopped (on
cPanel and non-cPanel systems alike) until Horde updates can be applied.
You can disable Horde on your cPanel system by unchecking the box next to
'Server Configuration' -> 'Tweak Settings' -> 'Mail' -> 'Horde Webmail'
within WHM, and saving the page with the new settings.


We would like to thank HostGator for providing the initial details in
their report of this vulnerability.
"

[Rockoids]

Way to go gang

[DarkSorrow]

So looks like they patched it and all is good now I just got that email also in my inbox.

[GatorDaveC]

Everything is patched now. We have made our own patch for Horde, CPanel has done the same to strip out the malicious code from being injected.

If you would you like to get the update right a way on your dedicated servers, please go to http://forums.hostgator.com/showthre...d=1#post106772

[ethical]

still not working for me, will it take some time to take effect?

thanks

[GatorDaveC]

Quote:

Originally Posted by ethical

still not working for me, will it take some time to take effect?

thanks

The shared/reseller servers are still updating to the newest CPanel release at this time. I meant the newest version of CPanel has been patched. Give us about an hour or so for finish updating all of the servers.

[Koni]

My WHM is now showing:

WHM 11.15.0 cPanel 11.18.2-S21594

Horde mail is back working again

Great job HG!!!!

[photografico]

Hello,
i'm a new custumer and i have a reseller aluminum account, i have take a look in whm and the updat done, but after access to hord i have try to take a look to the adressbook and i have this error msg :

Some of Turba's configuration files are missing or unreadable
mime_drivers.php
This file controls local MIME drivers for Turba, specifically what kinds of files are viewable and/or downloadable.

Create these files from their .dist versions in /usr/local/cpanel/base/horde/turba/config and change them according to your needs.

i hope you can fixe this asap

thanks,
fico.

[aqw]

I'm experiencing the same Horde message as photografico above. It looks like a config file needs to be set??

AQW

[MikeC]

Quote:

Originally Posted by photografico

Hello,
....
Some of Turba's configuration files are missing or unreadable
mime_drivers.php
This file controls local MIME drivers for Turba, specifically what kinds of files are viewable and/or downloadable.

Create these files from their .dist versions in /usr/local/cpanel/base/horde/turba/config and change them according to your needs.
....

We're getting this on hummer as well. I'm opening a support ticket and recommend others do the same until we see a response from HG here, or it's fixed....