Jenolan
New Member
Although a simplistic attack, there are emails turning up that are supposedly being generated by Roundcube (i.e. the webmail client running in most WHM/DA systems).
The mail purports to be asking for verification of an email address being used within Roundcube; the link address visible shows as your VPS address as the text prompt, but the actual link points to 'errormail.host' with your VPS address and some extra payload. Obviously I didn't go through what is behind this URI, but it is likely it will ask for credentials to 'verify' you and most likely look like a Roundcube interface.
Just be aware: if you have people who use RC and may not be savvy, it might be worth letting them know that if they receive one of these, it is bodgey.
Sample link (with my host changed to example.com):
HTML:
http://example.com.errormail.host/webmail/index.php?user=username@example.com
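
A check an admin could run over the HTML body of a message like this one, as an added example that is not part of the original post: it flags links whose visible text names your own domain while the href resolves elsewhere, and links where your domain only appears as leading labels of a foreign host. The function names and the anchor text in the sample are constructed; the href is the sample link above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Lowercased hostname of a URL or bare host string, or None."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text          # let urlsplit treat a bare host as netloc
    try:
        return (urlsplit(text).hostname or "").lower() or None
    except ValueError:
        return None

def is_within(host, domain):
    """True if host is the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit_links(html, own_domain):
    """Return [(target_host, [reasons])] for links that leave own_domain deceptively."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        target, shown, reasons = host_of(href), host_of(text), []
        if not target or is_within(target, own_domain):
            continue
        if shown and is_within(shown, own_domain):
            reasons.append("text shows own domain, href points elsewhere")
        if ("." + own_domain + ".") in ("." + target):
            reasons.append("own domain used as subdomain labels of foreign host")
        if reasons:
            findings.append((target, reasons))
    return findings

# Constructed message body: href from the post, anchor text assumed.
SAMPLE = ('<a href="http://example.com.errormail.host/webmail/index.php?user=username@example.com">'
          'http://example.com/webmail/</a> <a href="https://example.com/webmail/">Webmail</a>')
```

Comparing registered hosts rather than searching the URL string for your domain is the point: a substring match on "example.com" would pass this link.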