Last month, the webserver hosting the popular open source webmail suite SquirrelMail was compromised. At that time, the maintainers thought no source code had been altered:

At approximately 1700 GMT, on June 16, it was discovered that the SquirrelMail webserver had been compromised. The project administrators took immediate action to mitigate any further compromises, locking all accounts out, and resetting critical passwords.

At this time, the SquirrelMail project administrators have shut down access to the original server, and put a temporary hold on access to the plugins. It is believed that none of the plugins have been compromised, but further investigations are still being executed.

Last week, word got out that a number of plugins were modified during the hack. This suggests that the hackers intentionally targeted the SquirrelMail server, instead of just looking for a random machine. According to the SquirrelMail team, the following plugins were altered:

  • sasql-3.2.0
  • multilogin-2.4-1.2.9
  • change_pass-3.0-1.4.0

If you happen to use any of these plugins, now would be a good time to update! It would be nice if SquirrelMail would add some option to verify the integrity of the plugins as well; simple MD5 or SHA signatures for the plugins would have enabled everyone to detect changes.
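The integrity check suggested above, as an added example (not SquirrelMail's own code): it compares downloaded plugin archives against a digest manifest in `sha256sum` format, using SHA-256 rather than MD5. It assumes the manifest was obtained over a channel independent of the download server, since a manifest stored beside the archives could be altered along with them; the `.tar.gz` file names and their contents are constructed for the demo.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

MANIFEST_LINE = re.compile(r"([0-9a-fA-F]{64}) [ *](.+)")  # sha256sum output format

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so a large archive need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Map file name -> digest; reject malformed lines and directory components."""
    expected = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        match = MANIFEST_LINE.fullmatch(line)
        if not match or Path(match[2]).name != match[2]:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[match[2]] = match[1].lower()
    return expected

def verify_plugins(plugin_dir, manifest_text):
    """Return {file name: 'OK' | 'MISMATCH' | 'MISSING' | 'UNLISTED'}."""
    expected, root = parse_manifest(manifest_text), Path(plugin_dir)
    report = {}
    for name, digest in expected.items():
        path = root / name
        if not path.is_file():
            report[name] = "MISSING"
        else:
            same = hmac.compare_digest(sha256_file(path), digest)
            report[name] = "OK" if same else "MISMATCH"
    unlisted = {p.name for p in root.iterdir() if p.is_file()} - set(expected)
    report.update({name: "UNLISTED" for name in unlisted})
    return report

def demo():
    """Constructed sample: one archive is altered after the manifest was made."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("sasql-3.2.0.tar.gz", "change_pass-3.0-1.4.0.tar.gz"):
            (root / name).write_bytes(b"constructed original: " + name.encode())
        manifest = "".join(f"{sha256_file(p)}  {p.name}\n" for p in root.iterdir())
        (root / "change_pass-3.0-1.4.0.tar.gz").write_bytes(b"constructed altered")
        return verify_plugins(root, manifest)
```

Any status other than `OK` should block installation: `MISMATCH` means the archive differs from what the manifest describes, and `UNLISTED` means a file is present that the manifest never vouched for.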