On Nov 12, 2009, at 5:08 AM, fake...@fakessh.eu wrote: >> Even if that means your server will be compromised ? > my system did not seem to be compromised > and how do I know, yes or no compromise
You may not know, that is one of the problems. A server can get compromised and it is difficult to find a trail that shows you. There was a message posted to the RoundCube Development list on 11 Nov titled " html2text conversion script vulnerability " you might want to read from the archives. I see from one of your later posts you upgraded, I am thankful. As for your problem : I would make sure the " logs " directory in the " roundcubemail " directory is writable by the web server process. That is where the logs are written, and if the web server process doesn't have permissions to write to that directory, you won't get logging. PHP errors should be written to the web server log, which should be at /var/log/httpd/error_log. You should make sure logging to that file is turned on in the /etc/ php.ini file. I would recommend you deploy RoundCube on a server not connected to the internet first. That way you could allow PHP to display errors on the web page. Then, once you get RoundCube working on a test server, you can deploy it on a public-facing internet server. -- Charles Dostale System Admin - Silver Oaks Communications http://www.silveroaks.com/ 824 17th Street, Moline IL 61265 _______________________________________________ List info: http://lists.roundcube.net/users/