On Nov 12, 2009, at 5:08 AM, fakessh@fakessh.eu wrote:
Even if that means your server will be compromised?
My system did not seem to be compromised and how do I know, yes or no compromise
You may not know, that is one of the problems.
A server can get compromised and it is difficult to find a trail that
shows you.
There was a message posted to the RoundCube Development list on 11
Nov titled "html2text conversion script vulnerability" you might
want to read from the archives.
I see from one of your later posts you upgraded, I am thankful.
As for your problem:
I would make sure the "logs" directory in the "roundcubemail"
directory is writable by the web server process. That is where the
logs are written, and if the web server process doesn't have
permissions to write to that directory, you won't get logging.
PHP errors should be written to the web server log, which should be
at /var/log/httpd/error_log.
You should make sure logging to that file is turned on in the
/etc/php.ini file.
I would recommend you deploy RoundCube on a server not connected to
the internet first. That way you could allow PHP to display errors on
the web page. Then, once you get RoundCube working on a test server,
you can deploy it on a public-facing internet server.
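
A small audit of the points in this message, added here as an example and not part of the original post: it reads `log_errors` and `display_errors` from a php.ini file and tests whether a RoundCube `logs` directory is writable by the account running it. The function names and the sample file built in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits the logging setup described in the message above.
# The sample php.ini and directory built in demo() are constructed.

# Print the last uncommented value of a php.ini directive ($1=file, $2=name).
ini_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//; s/^"\(.*\)"$/\1/' |
        tail -n 1
}

# Succeed if the directive is explicitly switched on (or off) in the file.
ini_is_on() {
    case "$(ini_get "$1" "$2" | tr '[:upper:]' '[:lower:]')" in
        1|on|yes|true) return 0 ;; *) return 1 ;;
    esac
}
ini_is_off() {
    case "$(ini_get "$1" "$2" | tr '[:upper:]' '[:lower:]')" in
        0|off|no|false|none) return 0 ;; *) return 1 ;;
    esac
}

# Report on one installation: $1=php.ini, $2=RoundCube logs directory.
# Run it as the web server account so that -w tests that account's access.
audit() {
    rc=0
    ini_is_on "$1" log_errors || { echo "FAIL log_errors is not On in $1"; rc=1; }
    ini_is_off "$1" display_errors ||
        echo "WARN display_errors is not Off (acceptable on a test server only)"
    if [ -d "$2" ] && [ -w "$2" ]; then
        echo "OK   $2 is writable by $(id -un)"
    else
        echo "FAIL $2 is missing or not writable by $(id -un)"; rc=1
    fi
    return $rc
}

# Constructed demo: a php.ini with logging on and a writable logs directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/logs"
    printf '%s\n' '; constructed sample' ';log_errors = Off' \
        'log_errors = On' 'display_errors = Off ; public server' >"$tmp/php.ini"
    status=0; audit "$tmp/php.ini" "$tmp/logs" || status=$?
    rm -rf "$tmp"
    return $status
}
demo
```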