Arne Berglund wrote:
I haven't seen any probes looking for RC in any of my logs (any server),
At least two script-kiddie PHP vulnerability scanners probe for Roundcube, and that has shown up in several of my servers.
but I am interested in securing the bin directory. What's everyone's feel on the best method to do this?
No, you can't just protect the whole directory. Roundcube uses the *.php stuff in /bin, so you have to disable the shell scripts. Make sure that your server configuration does not allow execution, and remove the executable bit from the *.sh files, or simply delete/move the scripts.
Carlos
List info: http://lists.roundcube.net/users/