Author Topic: Security Concern  (Read 3942 times)

Offline Nipon

  • Newbie
  • *
  • Posts: 8
Security Concern
« on: July 14, 2007, 02:53:03 PM »
Is RoundCube secure? The temp and log folders have to be chmodded to 777. these two folders were exploited by spammers on my site who inserted malicious files.

Offline jak

  • Newbie
  • *
  • Posts: 3
Re: Security Concern
« Reply #1 on: July 15, 2007, 08:19:28 AM »
It is a security issue, but not one with Roundcube specifically.
You do not need to chmod to 777, simply chown the directories to the user that your server runs under.
Typically for Apache this is "nobody" (an actual user called nobody)

Personally, I'd chmod 755, and chown nobody:nobody. You could make it more secure still.

Offline Nipon

  • Newbie
  • *
  • Posts: 8
Re: Security Concern
« Reply #2 on: July 16, 2007, 10:13:05 AM »
Quote
It is a security issue, but not one with Roundcube specifically.
ya, agreed.

what was that u said -
Code: [Select]
chown nobody:nobody i have no idea about this as i don't know apache. is this something i can manage?