Hello Everyone: I am using the latest version of ispconfig. In order to provide an easy way for all my customers to access their email via roundcube mail, I installed this client in my website and symlinked it into each customers /webmail directory, so that they could access their mail just using www.theirdomain.com/webmail I woke up this morning and found that whenever i would try to accesses /webmail, apache would give me a 403 error. Upon investigation, I found that the root of my directory, /var/www/web6 was owned by root, and the permissions were set to 700. Has anyone else experienced anything else like this with ispconfig? I changed the permission back, and everything seems to be working ok. Can anyone shed some light on this change?
Redirect If you want to redirect www.anydomainonyourserver.tld/webmail to your webmailclient, you also can use the Redirect option within your /etc/apache2/apache2.conf file like this: Redirect /webmail http://www.yourhostingcompany.com:81/roundcubemail Of course restart apache2 afterwards with /etc/init.d/apache2 restart Personally, i think this is a better solution.
It doesn't seem like it would be something that ispconfig would do (change the owner and permissions of my root web directory) So I think i was hacked. The only place that i can think would have been the entry point is my really old Joomla installation. My question is, if someone did get in through that point, would they have access to anything else outside my /var/www/web6? /var/www/web6 is owned by usual user (admin) and /var/www/web6/web was owned by www-data
actually turns out ispconfig did change the owner and permissions. My site hit the traffic limit and ispconfig acted as it was supposed to! Aqua
