Re: suitable webmail
- On Mon, 01 Feb 2010 20:39:49 +0100, mouss <mouss@...> wrote:
> j debert a écrit :the current version of roundcube (0.3.1) does not work with the current
>> it seems that roundcube is popular.
>> It seems to be most popular among bots as well, according to what my
>> apache logs say. I don't have roundcube but there are frequent
>> attempts to get to php scripts down in the roundcube directories. I'd
>> probably see orders of magnitude more if it weren't for fail2ban. I
>> wonder what it is that makes it so popular?
> you mean things like
> GET /roundcube-0.2//bin/msgimport
> GET /round//bin/msgimport
> they're looking for old versions.. See
> Funnily enough, they don't try SSL. (note that enforcing SSL for any
> web mail application is a good practice)
I failed to get along with the rules of mod_security.
I simply removed.
I just read the security alert and I just delete msgimport.sh
- LuKreme put forth on 2/12/2010 10:08 AM:
> On 12-Feb-2010, at 08:48, Stan Hoeppner wrote:If you'd have read past the first line you'd have noticed I said the same thing. ;)
>> Tell me about this "top-secure" aspect of Squirrelmail again. ;)
> The fact that some spammers are able to get into email accounts and send spam via squirrelmail has nothing to do with the security of squirrelmail itself. In nerely all, if not all, of these cases the account is being compromised due to having a password like "password1" or "12345678"