Roundcube Community Forum

 

Some questions about version 0.2 stable

Started by The_Legacy, January 15, 2009, 01:38:31 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

The_Legacy

January 15, 2009, 01:38:31 AM
Hi,
First, congratulations for your product, I use it since a few month and I find it very confortable and easy to use.

I come on your forum in order to ask a question about the 0.2 stable version.
I have been hacked last month by a man who exploited the problem found whith /bin/html2text.php script and solved it with the new release of RC Webmail.
However, I have seen this morning in my apache's logs that someone is trying to acces this script /bin/msgimport. For the moment, he didn't break anything but I would like to know if there is something he could do to exploit a fault using this script.

Thanks and sorry for my bad english.

Warmly,

Michel GILLET

rosali

#1
January 15, 2009, 05:27:24 AM
Please edit RoundCube .htaccess as shown here:

Diff r2224:2225 for trunk/roundcubemail/.htaccess ? RoundCube Webmail ? Trac

Also it looks like an attempt for an exploit of RoundCube v0.1 (msgimport = msgimport.sh since v0.2 branche).
Regards,
Rosali
Print
Go Up Pages1
User actions