« previous next »
Pages: [1]

Author Topic: Some questions about version 0.2 stable  (Read 5337 times)

Offline The_Legacy

  • Newbie
  • *
  • Posts: 1
Some questions about version 0.2 stable
« on: January 15, 2009, 01:38:31 AM »
Hi,
First, congratulations for your product, I use it since a few month and I find it very confortable and easy to use.

I come on your forum in order to ask a question about the 0.2 stable version.
I have been hacked last month by a man who exploited the problem found whith /bin/html2text.php script and solved it with the new release of RC Webmail.
However, I have seen this morning in my apache's logs that someone is trying to acces this script /bin/msgimport. For the moment, he didn't break anything but I would like to know if there is something he could do to exploit a fault using this script.

Thanks and sorry for my bad english.

Warmly,

Michel GILLET
Logged

Offline rosali

  • Hero Member
  • *****
  • Posts: 2,533
Some questions about version 0.2 stable
« Reply #1 on: January 15, 2009, 05:27:24 AM »
Please edit RoundCube .htaccess as shown here:

Diff r2224:2225 for trunk/roundcubemail/.htaccess ? RoundCube Webmail ? Trac

Also it looks like an attempt for an exploit of RoundCube v0.1 (msgimport = msgimport.sh since v0.2 branche).
Logged
Regards,
Rosali
__________________
MyRoundcube Project (commercial)
Pages: [1]
« previous next »