On Mon, 01 Feb 2010 20:39:49 +0100, mouss <mo...@ml.netoyen.net> wrote:

> j debert wrote:
>> it seems that roundcube is popular.
>>
>> It seems to be most popular among bots as well, according to what my
>> apache logs say. I don't have roundcube but there are frequent
>> attempts to get to php scripts down in the roundcube directories. I'd
>> probably see orders of magnitude more if it weren't for fail2ban. I
>> wonder what it is that makes it so popular?
>>
>
> you mean things like
> GET /roundcube-0.2//bin/msgimport
> GET /round//bin/msgimport
> ..
>
> they're looking for old versions.. See
> http://asert.arbornetworks.com/2009/01/roundcube-webmail-scanning/
> http://stateofsecurity.com/?p=550
>
>
> Funnily enough, they don't try SSL. (note that enforcing SSL for any
> web mail application is a good practice)

The current version of roundcube (0.3.1) does not work with the current mod_security. I failed to get along with the rules of mod_security. I simply removed it. I just read the security alert and I just deleted msgimport.sh.
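
As an added example (not part of the original thread), here is one way to pick the probes quoted above out of an Apache access log and count them per client. The sample log lines, the /webmail/ path and all function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log prefix:
# client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')
# Normalized path ending in bin/msgimport, with or without the .sh suffix
PROBE_RE = re.compile(r'(?:^|/)bin/msgimport(?:\.sh)?$', re.IGNORECASE)

def normalize(target):
    """Drop the query string, percent-decode, and collapse repeated slashes."""
    path = unquote(target.split('?', 1)[0])
    return re.sub(r'/{2,}', '/', path)

def find_probes(lines):
    """Return (hits per client, list of (client, normalized path, status))."""
    hits, details = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        client, _method, target, status = m.groups()
        path = normalize(target)
        if PROBE_RE.search(path):
            hits[client] += 1
            details.append((client, path, int(status)))
    return hits, details

def served(details):
    """Probes answered with 2xx: the script is still reachable and needs a look."""
    return [d for d in details if 200 <= d[2] < 300]

# Constructed sample lines using documentation IP ranges, not a real log.
SAMPLE = [
    '192.0.2.10 - - [01/Feb/2010:20:01:12 +0100] "GET /roundcube-0.2//bin/msgimport HTTP/1.1" 404 210',
    '192.0.2.10 - - [01/Feb/2010:20:01:13 +0100] "GET /round//bin/msgimport HTTP/1.1" 404 205',
    '198.51.100.7 - - [01/Feb/2010:20:05:40 +0100] "GET /webmail/bin/msgimport.sh HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Feb/2010:20:06:02 +0100] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    hits, details = find_probes(SAMPLE)
    for client, count in hits.most_common():
        print(f"{client}: {count} probe(s)")
    for client, path, status in served(details):
        print(f"reachable: {path} returned {status} to {client}")
```

Collapsing the doubled slashes before matching is what lets a single pattern cover both `/round//bin/msgimport` and a cleanly formed path.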