[horde] change horde URI possible

Vogt, Burkhard burkhard.vogt at altairsystems.de
Tue May 23 12:26:52 PDT 2006


Hi,

I found the solution, just rename the horde directory as you like (e.g. 
mywebmail)
and change in (formerly) horde/config/prefs.php the intialization of 
$webroot to your selected webroot.

The reason why I think this is recommendable, is that attackers know 
common (especially *default*)
names, as you can see:

62.167.8.245 - - [24/Apr/2006:22:56:47 +0200] "GET /horde//README 
HTTP/1.1" 200 3032
62.167.8.245 - - [24/Apr/2006:22:56:47 +0200] "GET /horde2//README 
HTTP/1.1" 404 212
62.167.8.245 - - [24/Apr/2006:22:56:47 +0200] "GET /horde3//README 
HTTP/1.1" 404 212
62.167.8.245 - - [24/Apr/2006:22:56:47 +0200] "GET /horde-3.0.9//README 
HTTP/1.1" 404 217
62.167.8.245 - - [24/Apr/2006:22:56:48 +0200] "GET /Horde//README 
HTTP/1.1" 404 211

Regards,
Burkhard

Vogt, Burkhard wrote:

> Hi,
>
> unfortunately we've been target concerning the latest horde security 
> issue,
> which leads me to question, how our server has been identified.
> Has anyone an idea?
>
> Is it possibly the usage of the horde-URI?
> If yes, where do I have to make changes (except in apache)?
>
> Thanks for any hints in advance!
>
> Regards,
> Burkhard
>



More information about the horde mailing list