Listas wrote:
Inspecting my logs, I see that cracker tools are developing an increased interest in Roundcube. For example, tests for the /bin/msgimport shell script are common.
I'm not sure if they want the script to attempt abusing it (if server configuration allows that) or to check for the Roundcube version (other tools display the CHANGELOG file, in what is obviously an identification+version probe). In any case, why are those scripts in 'roundcube/bin' instead of being elsewhere, outside of the web-accessible tree?
Carlos
There were some concerns with bin scripts recently. See also http://trac.roundcube.net/ticket/1485269, but devs decided to put the burden of protection onto admin shoulders.
--
Dennis
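A log check for the probes described in this thread, as an added example that is not part of the original messages or of Roundcube: it flags requests for files under a `bin/` directory or for `CHANGELOG` in a combined-format access log, and reports which of them the server actually served. The log lines, addresses and URL prefixes are constructed, and treating any directory named `bin/` as a match is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common/combined access log line: client IP, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_probe(target):
    """True for a request aimed at a file in a bin/ directory or at CHANGELOG."""
    # Decode first so an encoded slash (bin%2Fmsgimport) cannot hide the path.
    parts = [p for p in unquote(urlsplit(target).path).split("/") if p]
    if not parts:
        return False
    if parts[-1].upper() == "CHANGELOG":
        return True
    # Assumption: any file directly under a directory named bin/ counts.
    return len(parts) >= 2 and parts[-2].lower() == "bin"

def scan(lines):
    """Return ({client_ip: [(target, status), ...]}, {targets served with 2xx})."""
    hits, exposed = defaultdict(list), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_probe(m["target"]):
            continue
        status = int(m["status"])
        hits[m["ip"]].append((m["target"], status))
        if 200 <= status < 300:  # the server answered: the file is reachable
            exposed.add(m["target"])
    return dict(hits), exposed

# Constructed sample lines (documentation addresses, made-up URL prefixes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /roundcube/bin/msgimport HTTP/1.1" 404 209 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /roundcube/CHANGELOG HTTP/1.1" 200 51234 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /roundcube/?_task=mail HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:03:40 +0000] "GET /webmail/bin%2Fmsgimport HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:04:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, exposed = scan(SAMPLE_LOG)
    for ip, reqs in hits.items():
        print(ip, reqs)
    print("reachable from the web:", sorted(exposed))
```

Any target reported as reachable is one the web server should deny, or one that should be moved out of the document root.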