Listas wrote:
> Inspecting my logs, I see that cracker tools are developing an increased
> interest in Roundcube. For example, tests for the /bin/msgimport shell
> script are common.
>
> I'm not sure if they want the script to attempt abusing it (if server
> configuration allows that) or to check for the Roundcube version (other
> tools display the CHANGELOG file, in what is obviously an
> identification+version probe). In any case, why are those scripts in
> 'roundcube/bin' instead of being elsewhere, outside of the
> web-accessible tree?
>
> Carlos
>
There were some concerns with bin scripts recently.
See also http://trac.roundcube.net/ticket/1485269, but devs decided to
put the burden of protection onto admins' shoulders.
--
Dennis
_______________________________________________
List info: http://lists.roundcube.net/users/
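
One way to check an access log for the probes described in this thread, and to see whether the server actually served them (an added example, not part of the original messages and not Roundcube code). It assumes Apache/nginx combined log format; the sample lines, client addresses and install prefixes are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: host ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Paths named in the thread: anything under a bin/ directory, and the CHANGELOG
# file. Other applications with a bin/ path will match too, so review the hits.
PROBE_RE = re.compile(r'(?:^|/)(?:bin/[^?]*|CHANGELOG)(?:\?|$)')

def find_probes(lines):
    """Return {client: [(path, status, served), ...]} for probe-like requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.search(m.group("path")):
            continue
        status = int(m.group("status"))
        # A 2xx answer means the web server handed the file out, i.e. the path
        # is reachable from the web and still needs to be blocked by the admin.
        hits[m.group("host")].append((m.group("path"), status, 200 <= status < 300))
    return dict(hits)

def served_paths(hits):
    """Probed paths that were actually served, sorted, for follow-up."""
    return sorted({p for reqs in hits.values() for p, _, ok in reqs if ok})

# Constructed sample log lines (documentation address ranges, made-up prefixes).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:00:01 +0000] "GET /roundcube/bin/msgimport HTTP/1.1" 200 1843 "-" "-"',
    '203.0.113.7 - - [01/Jan/2000:10:00:02 +0000] "GET /webmail/bin/msgimport HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.23 - - [01/Jan/2000:10:05:10 +0000] "GET /roundcube/CHANGELOG HTTP/1.1" 200 51234 "-" "-"',
    '192.0.2.10 - - [01/Jan/2000:10:06:00 +0000] "GET /roundcube/?_task=mail HTTP/1.1" 200 7321 "-" "-"',
    '198.51.100.23 - - [01/Jan/2000:10:07:30 +0000] "GET /mail/bin/msgimport HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for client, reqs in found.items():
        for path, status, ok in reqs:
            print(f"{client} {status} {'SERVED' if ok else 'not served'} {path}")
    print("still web-accessible:", served_paths(found))
```

Any path reported as served is one the web server still hands out and that the server configuration should deny.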