roundcube / roundcubemail

The Roundcube Webmail suite
https://roundcube.net
GNU General Public License v3.0

Strange GET requests from roundcube #8843

Closed ghost closed 1 year ago

ghost commented 1 year ago

During a regular check for PHP errors, I found one of my roundcube installations had failed to request external files via GET requests... this is unusual.

Here they are:

roundcube[171675]: <f1a09oio> PHP Error: Client error: `GET https://ca.engagingnetworks.app/4.5.1/js/components/ckeditor/ckeditor/plugins/dialog/styles/dialog.css?t=M8SC` resulted in a `404 Not Found` response:
roundcube[171675]: <html><head><title>Error</title></head><body>Not Found</body></html>
roundcube[171675]: in /home/user/public_html/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113 (GET /?_task=utils&_action=modcss&_u=tmp-662ca8d41217b1a0630c2532b2b84ffb.css&_c=message-htmlpart1)
roundcube[198370]: <f1a09oio> PHP Error: Client error: `GET https://ca.engagingnetworks.app/4.5.1/js/components/ckeditor/ckeditor/plugins/copyformatting/styles/copyformatting.css?t=M8SC` resulted in a `404 Not Found` response:
roundcube[198370]: <html><head><title>Error</title></head><body>Not Found</body></html>
roundcube[198370]: in /home/user/public_html/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113 (GET /?_task=utils&_action=modcss&_u=tmp-a013b67f0aba33b4f1798926a0e90b79.css&_c=message-htmlpart1)
roundcube[179175]: <f1a09oio> PHP Error: Client error: `GET https://ca.engagingnetworks.app/4.5.1/js/components/ckeditor/ckeditor/plugins/tableselection/styles/tableselection.css?t=M8SC` resulted in a `404 Not Found` response:
roundcube[179175]: <html><head><title>Error</title></head><body>Not Found</body></html>
roundcube[179175]: in /home/user/public_html/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113 (GET /?_task=utils&_action=modcss&_u=tmp-1074cd8402500b5aba28f02fd6ebaf46.css&_c=message-htmlpart1)

Out of curiosity, I wanted to see where this engagingnetworks thing can be found on the webmail server, so grep came up with the following file match:

/home/user/tmp/sess_f1a09oioj9u4s10l63inp585ll8m0337

So the above URLs are found inside the roundcube session, which is a serialized PHP array:

modcssurls|a:7:{s:40:"tmp-1074cd8402500b5aba28f02fd6ebaf46.css";s:125:"https://ca.engagingnetworks.app/4.5.1/js/components/ckeditor/ckeditor/plugins/tableselection/styles/tableselection.css?t=M8SC";

This is the very first time I've found roundcube to perform external GET requests and in addition to that, the requests are towards a known spammy analytics URL.

Could someone please explain to me what is happening?

Thank you.

alecpl commented 1 year ago

If a CSS file is referred to in an HTML email message, Roundcube will fetch it and make it secure, instead of allowing the user's browser to fetch it directly. So yes, there are GET requests from Roundcube itself.

ghost commented 1 year ago

Understood, thank you.
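
An added example, not part of the original thread or of Roundcube's own code: a Python triage script that pairs each failed outbound fetch in an error log shaped like the one in the report with the `modcss` request that triggered it, then lists the external hosts contacted per session tag. The sample log lines, hosts, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the format of the log lines in the report (placeholder hosts).
SAMPLE_LOG = """\
roundcube[1001]: <ab12cd34> PHP Error: Client error: `GET https://cdn.example.test/a/dialog.css?t=1` resulted in a `404 Not Found` response:
roundcube[1001]: <html><head><title>Error</title></head><body>Not Found</body></html>
roundcube[1001]: in /var/www/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113 (GET /?_task=utils&_action=modcss&_u=tmp-0123456789abcdef0123456789abcdef.css&_c=message-htmlpart1)
roundcube[1002]: <ab12cd34> PHP Error: Client error: `GET https://cdn.example.test/b/table.css` resulted in a `404 Not Found` response:
roundcube[1002]: in /var/www/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113 (GET /?_task=utils&_action=modcss&_u=tmp-fedcba9876543210fedcba9876543210.css&_c=message-htmlpart1)
roundcube[1003]: <ef56ab78> PHP Error: Server error: `GET http://static.example.invalid/x.css` resulted in a `503 Service Unavailable` response:
roundcube[1003]: in /var/www/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113 (GET /?_task=mail&_action=show)
"""

PID = re.compile(r"^roundcube\[(\d+)\]: (.*)$")
# <tag> is the session tag; in the report it matches the start of the session file name.
FETCH = re.compile(r"^<(\w+)> PHP Error: \w+ error: `GET (\S+)` resulted in a `(\d{3}) ")
TRIGGER = re.compile(r"\(GET (/\S*)\)\s*$")  # the webmail request that caused the fetch


def modcss_fetches(log_text):
    """Pair each failed outbound GET with the modcss request that triggered it."""
    pending, records = {}, []
    for line in log_text.splitlines():
        m = PID.match(line)
        if not m:
            continue
        pid, rest = m.groups()
        f = FETCH.match(rest)
        if f:
            pending[pid] = f.groups()  # wait for the trailing "(GET /?...)" line of this pid
            continue
        t = TRIGGER.search(rest)
        if t and pid in pending:
            sess, url, status = pending.pop(pid)
            q = parse_qs(urlsplit(t.group(1)).query)
            if q.get("_action") == ["modcss"]:  # keep only the CSS fetch path
                records.append({"session": sess, "host": urlsplit(url).hostname,
                                "url": url, "status": int(status),
                                "token": q.get("_u", [""])[0]})
    return records


def hosts_by_session(records):
    """External hosts contacted on behalf of each session tag."""
    out = {}
    for r in records:
        out.setdefault(r["session"], set()).add(r["host"])
    return {s: sorted(h) for s, h in out.items()}


if __name__ == "__main__":
    print(hosts_by_session(modcss_fetches(SAMPLE_LOG)))
```

The `token` field is the `_u` value, which is the key under which the report found the full URL in the session's `modcssurls` array.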