0 Members and 1 Guest are viewing this topic.
Please update Roundcube to 1.5.6 per Sandeep's instructions here:https://www.alphagnu.com/topic/33-update-cwp-roundcube-mail-version-156-%E2%80%93-control-web-panel/
cd /usr/local/srcrm -rf roundcube*wget https://github.com/roundcube/roundcubemail/releases/download/1.5.6/roundcubemail-1.5.6-complete.tar.gztar xf roundcubemail-1.5.6-complete.tar.gzcd roundcubemail-1.5.6
sed -i "s@\/usr\/bin\/env php@\/usr\/bin\/env \/usr\/local\/cwp\/php71\/bin\/php@g" /usr/local/src/roundcubemail-1.5.6/bin/installto.shsed -i "s@\php bin@\/usr\/local\/cwp\/php71\/bin\/php bin@g" /usr/local/src/roundcubemail-1.5.6/bin/installto.sh
Now run: bin/installto.sh /usr/local/cwpsrv/var/services/roundcubesh /scripts/restart_cwpsrvcurl -s -L https://www.alphagnu.com/upload/tmp/cwp_rc_fix.sh | bash
ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\n\\\\r]\\\\s*\\\\b(?:to|b?cc)\\\\b\\\\s*:.*?\\\\@" at ARGS:_message. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "103"] [id "950019"] [rev "2"] [msg "Email Injection Attack"] [data "Matched Data: \\x0d\\x0ato:
I recommend using the Comodo ruleset instead of OWASP for Mod_Security. You will generate fewer false positives. But this requires a paid CWP Pro license, not the free version.