On 2014-02-13 20:06, Grant wrote:
Ah, I misread that the first time around. It sounds like I need to be sure I disallow access and execution in certain directories. Which directories are those for roundcube?
check all dirs in roundcube webroot where it is a .htaccess file, this files tells how to protect, atleast for apache
logs and temp if i remember all of it maybe also bin and webroot dir itself
feks wordpress have upload dirs unprocted in webroot :(
also remember no dirs or files must be owned by the user that serving webpage