Hi Charles Hi list Hi all
Thank you for helping me, thanks to your great knowledge of roundcubemail yet I have used only packages in CentOS deposits. I quote :
roundcubemail-0.2.1-1.el5.kb.noarch.rpm which corresponds to the stable version 0.2.1
roundcubemail.noarch 0.1.1-5.el5 which corresponds to the stable version 0.1.1
I trust the packager EPEL and packager karanbir singh
the only version that works is that the depot EPEL when my mailboxes contained few messages
I have my system analysis with reference to the vulnerability "html2text conversion script vulnerability" my system seems intact
did you look at my post last Tuesday Tue, 17 Nov 2009 21:39:40 +0100 (CET)
roundcubemail seems to be sensitive to the version of php and php-mcrypt, it seems that roundcubemail sends a password crypt imap server
I currently installed in one of my vhosts roundcubemail 0.3.1, the installer told me that everything is ok, the log directories are ok and yet I still did not log
there was a post of Tue, 10 Nov 2009 15:16:33 +0100 (CET) there was a email entitled [RCU] mcrypt issues In this email advice to change program/include/rcmail.php line 993 to $iv =8;
you think it is necessary to make the change indicated in the thread in question a email entitled [RCU] mcrypt issues to solve my problems authentication
I'll try the driver syslogd to try to have the logs roundcubemail
thanks for all your feedbacks
NB: Google is my friend, but, well, not in this case
On Nov 12, 2009, at 5:08 AM, fakessh@fakessh.eu wrote:
Even if that means your server will be compromised ?
my system did not seem to be compromised and how do I know, yes or no compromise
You may not know, that is one of the problems. A server can get compromised and it is difficult to find a trail that shows you.
There was a message posted to the RoundCube Development list on 11 Nov titled " html2text conversion script vulnerability " you might want to read from the archives.
I see from one of your later posts you upgraded, I am thankful.
As for your problem :
I would make sure the " logs " directory in the " roundcubemail " directory is writable by the web server process. That is where the logs are written, and if the web server process doesn't have permissions to write to that directory, you won't get logging.
PHP errors should be written to the web server log, which should be at /var/log/httpd/error_log. You should make sure logging to that file is turned on in the /etc/php.ini file.
I would recommend you deploy RoundCube on a server not connected to the internet first. That way you could allow PHP to display errors on the web page. Then, once you get RoundCube working on a test server, you can deploy it on a public-facing internet server.
--
Charles Dostale
System Admin - Silver Oaks Communications
http://www.silveroaks.com/
824 17th Street, Moline IL 61265
List info: http://lists.roundcube.net/users/
fakessh :
You sent a message to the list ( in addition to this one ) that had
my address in the " From: " header instead of yours. Please adjust
your MUA or MTA setting to refrain from that in future messages.
On Nov 19, 2009, at 12:02 PM, fakessh@fakessh.eu wrote:
I currently installed in one of my vhosts roundcubemail 0.3.1, the
installer told me that everything is ok, the log directories are ok and yet I
still did not log
Did you manually check the log directory ownership / permissions, or
just trust the installer ?
Without log files of error messages, there is not much I can help.
there was a post of Tue, 10 Nov 2009 15:16:33 +0100 (CET) there was a email entitled [RCU] mcrypt issues In this email advice to change program/include/rcmail.php line 993
to $iv =8;you think it is necessary to make the change indicated in the
thread in question a email entitled [RCU] mcrypt issues to solve my problems authentication
I do not know if your problem is the same as the mcrypt problem that
impacted someone else.
Getting error messages from a log file is the only way to
troubleshoot your issue.
If you are running a RoundCube instance not directly connected to the
Internet, you could try turning on the display of error in
/etc/php.ini like this :
display_errors = On
There are two places in the php.ini file where that parameter is
located, make sure only one is active.
On Thursday 19 November 2009 19:38, chasd wrote:
Did you manually check the log directory ownership / permissions, or just trust the installer ? Without log files of error messages, there is not much I can help.
Hi charles Hi chasd Hi all Hi list
sorry for the too posting I instinctively respond to because all my mail client. This is the reason for this
I trust the installer, and for more security concerning rights and permissions my files belong to root: root with the same permissions as the tarball
permissions and rights seems correct
[root@r13151 ~]# ls -All /home/fakessh/public_html/roundcube/
total 92
drwxr-xr-x 2 root root 4096 nov 18 22:10 bin
-rw-r--r-- 1 root root 2926 nov 18 22:10 CHANGELOG
drwxrwxrwx 2 root root 4096 nov 18 22:36 config
-rw-r--r-- 1 root root 9829 nov 18 22:10 index.php
-rw-r--r-- 1 root root 7645 nov 18 22:10 INSTALL
-rw-r--r-- 1 root root 17987 nov 18 22:10 LICENSE
drwxrwxrwx 2 root root 4096 nov 18 22:39 logs
drwxr-xr-x 22 root root 4096 nov 18 22:10 plugins
drwxr-xr-x 7 root root 4096 nov 18 22:10 program
-rw-r--r-- 1 root root 1856 nov 18 22:10 README
-rw-r--r-- 1 root root 26 nov 18 22:10 robots.txt
drwxr-xr-x 3 root root 4096 nov 18 22:10 skins
drwxr-xr-x 2 root root 4096 nov 18 22:10 SQL
drwxrwxrwx 2 root root 4096 nov 18 22:10 temp
-rw-r--r-- 1 root root 4668 nov 18 22:10 UPGRADING
[root@r13151 ~]#
there was a post of Tue, 10 Nov 2009 15:16:33 +0100 (CET) there was a email entitled [RCU] mcrypt issues In this email advice to change program/include/rcmail.php line 993 to $iv =8;
you think it is necessary to make the change indicated in the thread in question a email entitled [RCU] mcrypt issues to solve my problems authentication
I do not know if your problem is the same as the mcrypt problem that impacted someone else.
Yet there was much mail is sent on a problem with php-mcrypt entitled [RCU] mcrypt issues . date post Tue, 10 Nov 2009 15:16:33 +0100 (CET) Tue, 10 Nov 2009 06:13:10 -0800 (PST)
Getting error messages from a log file is the only way to troubleshoot your issue.
I can go through the driver syslogd to try but I do not really know how to parameterize the otherwise for the moment I have no log
a member of the list CentOS-fr has managed to walk roundcubemail with php 5.3, I can allow myself an upgrade php to see!
On Nov 19, 2009, at 1:26 PM, fakessh@fakessh.eu wrote:
[root@r13151 ~]# ls -All /home/fakessh/public_html/roundcube/
total 92
drwxr-xr-x 2 root root 4096 nov 18 22:10 bin
-rw-r--r-- 1 root root 2926 nov 18 22:10 CHANGELOG
drwxrwxrwx 2 root root 4096 nov 18 22:36 config
-rw-r--r-- 1 root root 9829 nov 18 22:10 index.php
-rw-r--r-- 1 root root 7645 nov 18 22:10 INSTALL
-rw-r--r-- 1 root root 17987 nov 18 22:10 LICENSE
drwxrwxrwx 2 root root 4096 nov 18 22:39 logs
drwxr-xr-x 22 root root 4096 nov 18 22:10 plugins
drwxr-xr-x 7 root root 4096 nov 18 22:10 program
-rw-r--r-- 1 root root 1856 nov 18 22:10 README
-rw-r--r-- 1 root root 26 nov 18 22:10 robots.txt
drwxr-xr-x 3 root root 4096 nov 18 22:10 skins
drwxr-xr-x 2 root root 4096 nov 18 22:10 SQL
drwxrwxrwx 2 root root 4096 nov 18 22:10 temp
-rw-r--r-- 1 root root 4668 nov 18 22:10 UPGRADING
As a security issue, your config directory is writable by the web
server process. This could allow an attacker to write to your
configuration file from a web script. The permissions on my install
do not allow that.
[chasd@mail roundcube]$ ls -l
<snip>
drwxr-xr-x 2 chasd users 4096 2009-11-03 17:18 config
You don't want any user to have access to certain directories, but
allow the web server process to write. This prevents snooping if an
attacker gains access to some other account.
drwxrwxr-x 2 chasd apache 4096 2009-11-16 08:59 logs
drwxrwxr-x 2 chasd apache 4096 2009-11-18 15:26 temp
The log files are owned by the web server process
[chasd@mail roundcube]$ ls -l logs/
-rw-r--r-- 1 apache apache 415 2009-11-16 08:59 errors
-rw-r--r-- 1 apache apache 1634 2009-11-18 15:26 sendmail
Yet there was much mail is sent on a problem with php-mcrypt
entitled [RCU] mcrypt issues .
I am not convinced that is your problem, there is no proof from log
file errors. I think it would be best to fix your logging problem first.
I can go through the driver syslogd to try but I do not really know
how to parameterize the otherwise for the moment I have no log
RoundCube writes its errors to the " errors " file in its logs
directory.
PHP writes errors however you have it configured, usually the web
server error log ( /var/log/httpd/error_log ).
Each log provides a different insight into the problem.
You have many options to configure PHP logging in /etc/php.ini, read
it to decide what is best for you. I personally don't like logging
PHP errors to syslog, there is too much other stuff going into that
log already.
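The directory layout described in the message above (config not writable by the web server, logs and temp writable by the web server group, nothing world-writable) can be checked with a script like the following. This is an added example, not part of the original thread; the function name, the default group name "apache" and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example: audit a RoundCube tree against the layout described above.
# Usage: audit_roundcube_perms ROOT [WEBGROUP]
# WEBGROUP defaults to "apache" (an assumption; use your web server's group).
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
audit_roundcube_perms() {
    rc_root=$1
    rc_group=${2:-apache}
    rc_status=0

    # 1. Nothing may be world-writable (the drwxrwxrwx case in the listing).
    rc_ww=$(find "$rc_root" ! -type l -perm -002 -print)
    if [ -n "$rc_ww" ]; then
        printf '%s\n' "$rc_ww" | sed 's/^/world-writable: /'
        rc_status=1
    fi

    # 2. config/ must not be writable by group or other, so that a web
    #    script cannot rewrite the configuration file.
    if [ -n "$(find "$rc_root/config" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "config writable by group/other: $rc_root/config"
        rc_status=1
    fi

    # 3. logs/ and temp/ must be group-writable and belong to the web
    #    server group, so only that process (and the owner) can write there.
    for rc_dir in logs temp; do
        rc_path=$rc_root/$rc_dir
        if [ -z "$(find "$rc_path" -prune -perm -020 -print)" ]; then
            echo "not group-writable: $rc_path"
            rc_status=1
        fi
        rc_have=$(ls -ld "$rc_path" | awk '{print $4}')
        if [ "$rc_have" != "$rc_group" ]; then
            echo "group is $rc_have, expected $rc_group: $rc_path"
            rc_status=1
        fi
    done
    return $rc_status
}

# Constructed demo tree reproducing the two listings in the thread.
demo=$(mktemp -d)
mkdir "$demo/config" "$demo/logs" "$demo/temp"
grp=$(ls -ld "$demo/logs" | awk '{print $4}')   # stand-in for the web server group
chmod 777 "$demo/config" "$demo/logs" "$demo/temp"
echo "before:"; audit_roundcube_perms "$demo" "$grp" || true
chmod 755 "$demo/config"; chmod 775 "$demo/logs" "$demo/temp"
echo "after:"; audit_roundcube_perms "$demo" "$grp" && echo "clean"
rm -rf "$demo"
```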
On Thursday 19 November 2009 21:21, chasd wrote:
RoundCube writes its errors to the " errors " file in its logs directory. PHP writes errors however you have it configured, usually the web server error log ( /var/log/httpd/error_log ). Each log provides a different insight into the problem.
You have many options to configure PHP logging in /etc/php.ini, read it to decide what is best for you. I personally don't like logging PHP errors to syslog, there is too much other stuff going into that log already.
I'll go see a friend in a business like yours that will make me a clean installation. I remove the roundcube vhosts away and we left for the evening hours in Paris
thanks Charles
Hi all Hi list Hi charles , welcome , nice to meet you
I went to see my friend in the computer company, a technician UNIX system administrator and programmer of web application my installation is now safe and solid as a rock it helps me put up a subdomain on any of my areas that now points to roundcubemail we created a specific user and all housed in a specific directory using a specific vhosts
useradd -d /home/roundcube -m -s /bin/false -g users roundcube
I give the command ls -All the directory
[root@r13151 ~]# ls -All /home/roundcube/www/
total 108
drwx---r-x 2 roundcube users 4096 oct 31 14:21 bin
-rw----r-- 1 roundcube users 2926 oct 31 14:20 CHANGELOG
drwx---r-x 2 roundcube users 4096 nov 21 18:37 config
-rw----r-- 1 roundcube users 1149 nov 21 17:51 .htaccess
-rw----r-- 1 roundcube users 9829 nov 21 19:21 index.php
-rw----r-- 1 roundcube users 18 nov 21 18:08 info.php
-rw----r-- 1 roundcube users 7857 oct 31 14:44 INSTALL
-rw----r-- 1 roundcube users 7645 aoû 28 10:29 INSTALL.orig
-rw----r-- 1 roundcube users 17987 oct 29 2008 LICENSE
drwx---rwx 2 roundcube users 4096 oct 31 14:20 logs
drwx---r-x 22 roundcube users 4096 oct 31 14:20 plugins
drwx---r-x 7 roundcube users 4096 oct 31 14:21 program
-rw----r-- 1 roundcube users 1932 oct 31 14:44 README
-rw----r-- 1 roundcube users 26 mar 22 2008 robots.txt
drwx---r-x 3 roundcube users 4096 oct 31 14:20 skins
drwx---r-x 2 roundcube users 4096 oct 31 14:20 SQL
drwx---rwx 2 roundcube users 4096 oct 31 14:20 temp
-rw----r-- 1 roundcube users 4668 mai 31 10:37 UPGRADING
[root@r13151 ~]#
We've done some debug php to realize that line 81 was not running by doing step by step with the following echo'' to see if the line is running print_r and analyzed for the variables. So $_POST is empty
// try to log in
if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') {
  // purge the session in case of new login when a session already exists
  $RCMAIL->kill_session();

  $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
    'host' => $RCMAIL->autoselect_host(),
@@@@@@@@@@@@@@@@@@@@@@@
it is one sub domain http://roundcube.nicolaspichot.fr/
it is the phpinfo() page http://roundcube.nicolaspichot.fr/info.php
a telnet session opens without problem
[swilting@new-host-2 ~]$ telnet roundcube.nicolaspichot.fr 143
Trying 87.98.186.232...
Connected to roundcube.nicolaspichot.fr (87.98.186.232).
Escape character is '^]'.
a login nicolaspichot **************
a OK Logged in.
a select inbox
permitted.
a OK [READ-WRITE] Select completed.
a logout
a OK Logout completed.
Connection closed by foreign host.
[swilting@new-host-2 ~]$
I can not have any log in page index.php effect runs only up to line 81
On Nov 21, 2009, at 3:38 PM, fakessh@fakessh.eu wrote:
I can not have any log in page index.php effect runs only up to
line 81
There should be some type of PHP error in the web server log, even if
RoundCube doesn't write a log file.
On Monday 23 November 2009 17:26, chasd wrote:
There should be some type of PHP error in the web server log, even if RoundCube doesn't write a log file.
hi charles hi all hi list
Here is the information you request it from the vhosts that contains roundcubemail, which is installed properly. like the fact my friend the computer company
I received a lecture of computer that day. I thank, I learned a lot in three hours
the log file of vhosts :
[root@r13151 ~]# tail -f /var/log/httpd/roundcube-error_log
[Mon Nov 23 00:54:27 2009] [error] [client 81.56.161.95] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacroute.fr"] [uri "/"] [unique_id "bdt3UVdiuugAAHbbVjAAAAAA"]
[Mon Nov 23 00:54:27 2009] [error] [client 81.56.161.95] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacroute.fr"] [uri "/skins/default/common.css"] [unique_id "bea-jFdiuugAAHbrfQQAAAAF"]
[Mon Nov 23 00:54:27 2009] [error] [client 81.56.161.95] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacroute.fr"] [uri "/skins/default/images/roundcube_logo.png"] [unique_id "becyH1diuugAAHbgXvgAAAAB"]
[Mon Nov 23 00:54:32 2009] [error] [client 81.56.161.95] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacroute.fr"] [uri "/"] [unique_id "bjVcpldiuugAAHbte-kAAAAG"]
[Mon Nov 23 10:29:06 2009] [error] [client 62.147.237.78] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.fakessh.eu"] [uri "/"] [unique_id "dPm5eFdiuugAAHbrfQ0AAAAF"]
[Mon Nov 23 11:57:18 2009] [error] [client 213.41.153.223] File does not exist: /home/roundcube/www/favicon.ico
[Mon Nov 23 12:11:31 2009] [error] [client 213.41.153.223] File does not exist: /home/roundcube/www/favicon.ico
[Mon Nov 23 15:51:28 2009] [error] [client 213.41.153.223] File does not exist: /home/roundcube/www/favicon.ico
[Mon Nov 23 15:55:47 2009] [error] [client 213.41.153.223] File does not exist: /home/roundcube/www/favicon.ico
[Mon Nov 23 16:12:11 2009] [error] [client 213.41.153.223] File does not exist: /home/roundcube/www/favicon.ico
[Mon Nov 23 17:19:28 2009] [error] [client 83.193.172.167] File does not exist: /home/roundcube/www/favicon.ico
[Mon Nov 23 17:19:31 2009] [error] [client 83.193.172.167] File does not exist: /home/roundcube/www/favicon.ico
thanks Charles
thanks all
Hi list Hi all
removing mod_security apache server, I finally have access to webmail roundcube
mod_security is still important to combat all kinds of attacks
remove mod_security is not a stable solution, my server becomes vulnerable to all sorts of attacks
I use the last official release team roundcube: ie the version 0.3.1 and plus I never managed to run the installer
thanks for all your feedbacks
Sorry I was too busy yesterday to respond to your post on RCU.
When I glanced at your post, I thought it might be mod_security
causing the issue.
[file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacroute.fr"] [uri "/"] [unique_id "bdt3UVdiuugAAHbbVjAAAAAA"]
[Mon Nov 23 00:54:27 2009] [error] [client 81.56.161.95] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required.
There are several errors related to this. Some Googling indicates a header needs to be added to the output.
A quick search indicates several files that would need to be modified :
[chasd@mail roundcube]$ find . -name '*.php' -exec grep -l "header ('Content-Type:" {} \;
./program/js/tiny_mce/plugins/spellchecker/rpc.php
./program/include/rcube_html_page.php
./program/include/rcube_json_output.php
./bin/html2text.php
./bin/modcss.php
This page : http://framework.zend.com/issues/browse/ZF-3017
indicates this line should be added to each of those files after the
content type header :
header('Accept: text/xml');
As for the
Match of "rx ^OPTIONS$" against "REQUEST_METHOD"
that is a warning and shouldn't impact the functionality of RoundCube.
I did not find a fix for that warning, and I'm not familiar enough
with mod_security to know exactly what it is complaining about.
My Google search indicates that other web apps that control their
headers run into this issue with mod_security, notably Gallery2.
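To see which ModSecurity rules fire and whether any entry records a blocked request rather than a warning, error-log entries in the format quoted above can be summarised as follows. This is an added example, not part of the original thread; the function names, the sample log lines, the hostname, the client address and rule id 999999 are constructed.

```shell
#!/bin/sh
# Added example: summarise ModSecurity entries in an Apache error log.
# Output columns (tab-separated): action, rule id, hits, message.
# action is "warning" for log-only matches and "denied" for blocked requests.
modsec_summary() {
    awk '
    # Return the value of a [key "value"] tag, or "-" if the tag is absent.
    function field(line, key,    pat, s) {
        pat = "\\[" key " \"[^\"]*\"\\]"
        if (!match(line, pat)) return "-"
        s = substr(line, RSTART, RLENGTH)
        sub("^\\[" key " \"", "", s)
        sub("\"\\]$", "", s)
        return s
    }
    /ModSecurity: / {
        action = "other"
        if ($0 ~ /ModSecurity: Warning\./) action = "warning"
        else if ($0 ~ /ModSecurity: Access denied/) action = "denied"
        key = action "\t" field($0, "id") "\t" field($0, "msg")
        hits[key]++
    }
    END {
        for (key in hits) {
            split(key, part, "\t")
            printf "%s\t%s\t%d\t%s\n", part[1], part[2], hits[key], part[3]
        }
    }' "$1" | sort
}

# List the URIs of requests that ModSecurity actually blocked.
modsec_denied_uris() {
    sed -n '/ModSecurity: Access denied/s/.*\[uri "\([^"]*\)"].*/\1/p' "$1" | sort -u
}

# Constructed sample log: two warnings in the format shown in the thread,
# one constructed blocking entry and one unrelated Apache error.
modsec_sample_log() {
    cat <<'EOF'
[Mon Nov 23 00:54:27 2009] [error] [client 192.0.2.10] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "webmail.example.org"] [uri "/"] [unique_id "constructed-1"]
[Mon Nov 23 00:54:27 2009] [error] [client 192.0.2.10] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "webmail.example.org"] [uri "/skins/default/common.css"] [unique_id "constructed-2"]
[Mon Nov 23 19:20:36 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/httpd/modsecurity.d/constructed.conf"] [line "1"] [id "999999"] [msg "Constructed blocking rule"] [hostname "webmail.example.org"] [uri "/"] [unique_id "constructed-3"]
[Mon Nov 23 11:57:18 2009] [error] [client 192.0.2.10] File does not exist: /home/roundcube/www/favicon.ico
EOF
}

# Demo run on the constructed sample.
log=$(mktemp)
modsec_sample_log > "$log"
modsec_summary "$log"
echo "blocked URIs:"; modsec_denied_uris "$log"
rm -f "$log"
```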
[chasd@mail roundcube]$ find . -name '*.php' -exec grep -l "header ('Content-Type:" {} \;
./program/js/tiny_mce/plugins/spellchecker/rpc.php
./program/include/rcube_html_page.php
./program/include/rcube_json_output.php
./bin/html2text.php
./bin/modcss.php
Research indicates that you referred me over file
[root@r13151 www]# find . -name '*.php' -exec grep -l "header ('Content-Type:" {} \;
./bin/decrypt.php
./bin/html2text.php
./bin/modcss.php
./config/main.inc.php
./index.php
./plugins/managesieve/lib/rcube_sieve.php
./plugins/managesieve/managesieve.php
./plugins/password/drivers/directadmin.php
./program/include/html.php
./program/include/rcube_config.php
./program/include/rcube_html_page.php
./program/include/rcube_imap.php
./program/include/rcube_json_output.php
./program/include/rcube_mail_mime.php
./program/include/rcube_smtp.php
./program/js/tiny_mce/plugins/spellchecker/classes/GoogleSpell.php
./program/js/tiny_mce/plugins/spellchecker/rpc.php
[root@r13151 www]#
This page : http://framework.zend.com/issues/browse/ZF-3017
indicates this line should be added to each of those files after the
content type header :
header('Accept: text/xml');
As for the
Match of "rx ^OPTIONS$" against "REQUEST_METHOD"
exactly how it should change the file returned by the command quoted above
I'm not a very friendly atmosphere great php and I want to know exactly what I have to do
I thank you in advance for the help that you could bring me to correct files that require changes. thank you for your valuable help
thanks charles