[horde] change horde URI possible
Vogt, Burkhard
burkhard.vogt at altairsystems.de
Tue May 23 12:26:52 PDT 2006
Hi,
I found the solution, just rename the horde directory as you like (e.g.
mywebmail)
and change in (formerly) horde/config/prefs.php the intialization of
$webroot to your selected webroot.
The reason why I think this is recommendable, is that attackers know
common (especially *default*)
names, as you can see:
62.167.8.245 - - [24/Apr/2006:22:56:47 +0200] "GET /horde//README
HTTP/1.1" 200 3032
62.167.8.245 - - [24/Apr/2006:22:56:47 +0200] "GET /horde2//README
HTTP/1.1" 404 212
62.167.8.245 - - [24/Apr/2006:22:56:47 +0200] "GET /horde3//README
HTTP/1.1" 404 212
62.167.8.245 - - [24/Apr/2006:22:56:47 +0200] "GET /horde-3.0.9//README
HTTP/1.1" 404 217
62.167.8.245 - - [24/Apr/2006:22:56:48 +0200] "GET /Horde//README
HTTP/1.1" 404 211
Regards,
Burkhard
Vogt, Burkhard wrote:
> Hi,
>
> unfortunately we've been target concerning the latest horde security
> issue,
> which leads me to question, how our server has been identified.
> Has anyone an idea?
>
> Is it possibly the usage of the horde-URI?
> If yes, where do I have to make changes (except in apache)?
>
> Thanks for any hints in advance!
>
> Regards,
> Burkhard
>
More information about the horde
mailing list