Hi!

On Tue, Feb 9, 2010 at 1:47 PM, LuKreme <krem...@kreme.com> wrote:
> On 8-Feb-2010, at 17:34, Jose Ildefonso Camargo Tolosa wrote:
>>
>> 100% of the servers I have access to, have,
>> at least once in the last year, been scanned by a bot (or person, who
>> knows) for /roundcoube or similar
>
> And? I have thousands of servers trying to access my machines via sshd every
> single day. This does not mean sshd is insecure.

SSH bots are "brute force" attempts. It means nothing about the security of ssh itself.

>
> How many servers have you had be compromised by roundcube installs?

I don't use roundcube. So: No.

>
> (I have had a server get compromised from Squirrelmail, awstats, and phpbb in
> the past, but none from Roundcube and all were exploited because I did not
> update software quickly enough.

Usual cause: lack of updates, the question is, sometimes: the response time to get the issues solved.

The thing is: I'm currently avoiding roundcube, for the same reason why I used to avoid bind: bad security history. It looks like a really promising project, and if they "keep up the good work", they will become a really, really good webmail system, and not just "nice", but also secure.