Loading ...
Sorry, an error occurred while loading the content.

Re: suitable webmail

Expand Messages
  • fakessh
    ... the current version of roundcube (0.3.1) does not work with the current mod_security I failed to get along with the rules of mod_security. I simply
    Message 1 of 42 , Feb 1, 2010
    • 0 Attachment
      On Mon, 01 Feb 2010 20:39:49 +0100, mouss <mouss@...> wrote:
      > j debert a écrit :
      >> it seems that roundcube is popular.
      >>
      >> It seems to be most popular among bots as well, according to what my
      >> apache logs say. I don't have roundcube but there are frequent
      >> attempts to get to php scripts down in the roundcube directories. I'd
      >> probably see orders of magnitude more if it weren't for fail2ban. I
      >> wonder what it is that makes it so popular?
      >>
      >
      > you mean things like
      > GET /roundcube-0.2//bin/msgimport
      > GET /round//bin/msgimport
      > ..
      >
      > they're looking for old versions.. See
      > http://asert.arbornetworks.com/2009/01/roundcube-webmail-scanning/
      > http://stateofsecurity.com/?p=550
      >
      >
      > Funnily enough, they don't try SSL. (note that enforcing SSL for any
      > web mail application is a good practice)


      the current version of roundcube (0.3.1) does not work with the current
      mod_security

      I failed to get along with the rules of mod_security.
      I simply removed.
      I just read the security alert and I just delete msgimport.sh
    • Stan Hoeppner
      ... If you d have read past the first line you d have noticed I said the same thing. ;) -- Stan
      Message 42 of 42 , Feb 12, 2010
      • 0 Attachment
        LuKreme put forth on 2/12/2010 10:08 AM:
        > On 12-Feb-2010, at 08:48, Stan Hoeppner wrote:
        >>
        >> Tell me about this "top-secure" aspect of Squirrelmail again. ;)
        >
        > The fact that some spammers are able to get into email accounts and send spam via squirrelmail has nothing to do with the security of squirrelmail itself. In nerely all, if not all, of these cases the account is being compromised due to having a password like "password1" or "12345678"

        If you'd have read past the first line you'd have noticed I said the same thing. ;)

        --
        Stan
      Your message has been successfully submitted and would be delivered to recipients shortly.