{"id":43,"date":"2014-12-10T16:18:00","date_gmt":"2014-12-10T16:18:00","guid":{"rendered":"https:\/\/www.tech-and-dev.com\/blog\/2014\/12\/10\/how-to-secure-roundcube-installation-of-virtualmin\/"},"modified":"2021-02-22T01:03:19","modified_gmt":"2021-02-22T01:03:19","slug":"how-to-secure-roundcube-installation-from-virtualmin","status":"publish","type":"post","link":"https:\/\/www.tech-and-dev.com\/blog\/2014\/12\/how-to-secure-roundcube-installation-from-virtualmin.html","title":{"rendered":"How To Secure Roundcube Installation Of Virtualmin"},"content":{"rendered":"
\n
\"Roundcube<\/a><\/div>\n
Roundcube is a PHP open source webmail that allow users to read and send emails through a user-friendly interface.<\/div>\n

<\/a><\/p>\n

Installing Roundcube in Virtualmin<\/h2>\n
In Virtualmin, choose the virtual host you want to install the script on, and click “Install Scripts”:<\/div>\n
\"VirtualMin<\/a><\/div>\n

Choose “Roundcube” and click “Show Install Options”<\/p>\n

\"Installing<\/a><\/div>\n

Choose a database and enter the path, I chose “webmail” for the path.<\/p>\n

\"Configuring<\/a><\/div>\n

Securing Roundcube in Virtualmin<\/h2>\n
Roundcube provides many plugins to further enhance and secure the script. The plugins can be found on: http:\/\/trac.roundcube.net\/wiki\/Plugin_Repository<\/a><\/div>\n

 <\/p>\n

In order to prevent brute force attacks on the email, we install the following plugins:<\/div>\n

Installing antiBruteForce Plugin:<\/h2>\n

Download antiBruteForce plugin from:
\nhttp:\/\/code.google.com\/p\/rcd-plugin-antibruteforce\/downloads\/list<\/a>
\nExtract it and upload it to your roundcube\/plugins directory.<\/p>\n

or download and extract it from ssh into roundcube’s plugins directory:<\/p>\n

wget https:\/\/rcd-plugin-antibruteforce.googlecode.com\/files\/antiBruteForce_v2.0.tar.gz
\ntar -xvf antiBruteForce_v2.0.tar.gz<\/p><\/blockquote>\n

Go to roundcube config directory, open and edit config.inc.php<\/b>,
\nScroll to the bottom of the file, and search for $config[‘plugins’] =<\/b> and add a new value called antiBruteForce<\/b>, so that it will look like this:<\/p>\n

$config[‘plugins’] = array(‘virtuser_file’,
\n‘archive’,
\n‘zipdownload’,
\n‘antiBruteForce’,
\n);<\/p><\/blockquote>\n

Now try to enter an incorrect password several times, and roundcube should block your IP address for a while.<\/p>\n

\"Roundcube<\/a><\/div>\n

Installing Dr Captcha Plugin:<\/h2>\n

Note:<\/span><\/b> In order to successfully use this plugin, you must have PHP GD<\/b><\/span> installed.<\/p>\n

Download Dr Captcha from here:
\nhttp:\/\/sourceforge.net\/projects\/drcaptcha\/<\/a><\/p>\n

Extract & upload it to the plugins directory of roundcube.<\/p>\n

You should have a directory called plugins\/drcaptcha.<\/i><\/p>\n

    \n
  1. Go to plugins\/drcaptcha <\/i>and rename config.inc.php.dist<\/b> to config.inc.php<\/b> and open it and modify the plugin’s settings as you wish.<\/li>\n
  2. In order to enable the plugin, go back to roundcube config directory, open and edit config.inc.php<\/b><\/li>\n
  3. Scroll to the bottom of the file, and search for $config[‘plugins’] =<\/b><\/li>\n
  4. Add a new value called drcaptcha<\/b>, so that it will look like this:<\/li>\n<\/ol>\n

    $config[‘plugins’] = array(‘virtuser_file’,
    \n‘archive’,
    \n‘zipdownload’,
    \n‘antiBruteForce’,
    \n‘drcaptcha’,
    \n);<\/p><\/blockquote>\n

    Refresh the login screen and it should look as follows:<\/p>\n

    \"roundcube<\/a><\/div>\n
    <\/div>\n

     <\/p>\n

    Force https to prevent eavesdropping:<\/h2>\n

    Open config\/defaults.inc.php<\/b>
    \nSearch for:<\/p>\n

    $config[‘force_https’] = false;<\/p><\/blockquote>\n

    and change it to:<\/p>\n

    $config[‘force_https’] = 443;<\/p><\/blockquote>\n

     <\/p>\n

    Additionally, if you have fail2ban installed, you can create a filter to scan the log files and ban the offending IPs.<\/div>\n

    Questions? Post them in the comment box below!<\/b><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    Roundcube is a PHP open source webmail that allow users to read and send emails through a user-friendly interface. Installing Roundcube in Virtualmin In Virtualmin, choose the virtual host you want to install the script on, and click “Install Scripts”: Choose “Roundcube” and click “Show Install Options” Choose a database and enter the path, I […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[23,13,61,28,41],"tags":[],"class_list":["post-43","post","type-post","status-publish","format-standard","hentry","category-brute-force","category-email","category-roundcube","category-security","category-virtualmin"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/43","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/comments?post=43"}],"version-history":[{"count":1,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/43\/revisions"}],"predecessor-version":[{"id":292,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/43\/revisions\/292"}],"wp:attachment":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/media?parent=43"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/categories?post=43"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/tags?post=43"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}