Hi,
First, congratulations for your product, I use it since a few month and I find it very confortable and easy to use.
I come on your forum in order to ask a question about the 0.2 stable version.
I have been hacked last month by a man who exploited the problem found whith /bin/html2text.php script and solved it with the new release of RC Webmail.
However, I have seen this morning in my apache's logs that someone is trying to acces this script /bin/msgimport. For the moment, he didn't break anything but I would like to know if there is something he could do to exploit a fault using this script.
Thanks and sorry for my bad english.
Warmly,
Michel GILLET
Please edit RoundCube .htaccess as shown here:
Diff r2224:2225 for trunk/roundcubemail/.htaccess ? RoundCube Webmail ? Trac (http://trac.roundcube.net/changeset?old_path=%2Ftrunk%2Froundcubemail%2F.htaccess&old=2224&new_path=%2Ftrunk%2Froundcubemail%2F.htaccess&new=2225)
Also it looks like an attempt for an exploit of RoundCube v0.1 (msgimport = msgimport.sh since v0.2 branche).