On 02/01/2010 06:49 PM, Kay wrote:
On 01/02/10 17:09, j debert wrote:
it seems that roundcube is popular.
It seems to be most popular among bots as well, according to what my
apache logs say. I don't have roundcube but there are frequent
attempts to get to php scripts down in the roundcube directories. I'd
probably see orders of magnitude more if it weren't for fail2ban. I
wonder what it is that makes it so popular?
Well I admit Im one of those guy using it, ( of course I m not an
hosting company) though the reason for which I do use it is because it
has decent features ( well for a webmail app is not an organizer thats
sure ) , and a very pleasant interface . I used squirrelmail before it
it worked very well though my user did complain about its ugly
interface. I also considered Horde but to be honest its seems to me an
overkill as a webmail client while roundcube is an easy and fast setup (
even to mantain ). So I gues those 2 points make it popular, altho I see
your point
In my job (hosting company) I see boxes exploited via roundcube all
the time. Squirrelmail? Not one so far. Part of the reason is that
squirrelmail comes with RHEL, so it's kept up to date automatically,
while customers install their own roundcube and then don't maintain
it. That said, it's not the only webmail client (or any other web
app) that gets the install&neglect treatment, it's just the one most
frequently exploited.
So if you want to run it, be diligent about keeping it up to date, and
use something like fail2ban.
K
Well I agree with you there I was a bit worried bout its security, I
have also to admit I have 0.3.0 stable since almost 6 month and just
recently I' have seen come up 0.3.1 ( wich I happen to have updated
recently ) release while I m seeing lot of security alert bout it.
So the point is I would love to keep using squirrelmail but it really
looks old ( don't shot me I like it ) to my users.
