Hi, when I open roundcubemail (login screen), I find the following message: Code: Installer script is still accessible The install script of your Roundcube installation is still stored in its default location! Please remove the whole installer folder from the Roundcube directory because . these files may expose sensitive configuration data like server passwords and encryption keys to the public. Make sure you cannot access the installer script from your browser. When I click on the link provided I get a 403 error. The link leads to a folder that doesn't exist. How can I get rid of that message? It's version 1.1.12
I believe it is this code that checks if the file is there: Code: // check if installer is still active if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) { Show output of ls command to verify what is in that installer directory.
That's easy, there is no ./installer directory, because I removed it. The only thing that I could imagine is that I have missed the location of the roundcube installation. I found it in /var/www/html/roundcubemail. If it has been installed elsewhere, I would need to know where.
I found it in /usr/share/roundcubemail. It seems the script checked there. After removing the installer directory from there, the message doesn't popup any more. However: for what purpose is the installation in /var/www?