Wednesday, May 28, 2008

Prevent Squirrelmail from showing its version

This might be a security-through-obscurity tip, but it is still security, or at least a bit of discretion :)

I love Squirrelmail, but even if you enable the CAPTCHA login, by default Squirrelmail shows which version it is running and on which platform it is installed, without even logging in to the system, simply by typing anything as username/password.

These paths apply to Squirrelmail on a plain vanilla RHEL 5/CentOS 5 installation, but the procedure is the same for any other.

To disable this information, you have to edit three php files:

/etc/squirrelmail/config.php
/usr/share/squirrelmail/src/login.php
/usr/share/squirrelmail/functions/display_messages.php

Make a copy of the files, just in case:

sudo cp /etc/squirrelmail/config.php \
/etc/squirrelmail/config.php.ORIG
sudo cp /usr/share/squirrelmail/src/login.php \
/usr/share/squirrelmail/src/login.php.ORIG
sudo cp /usr/share/squirrelmail/functions/display_messages.php \
/usr/share/squirrelmail/functions/display_messages.php.ORIG

Then edit the files, as root, with your favorite text editor.

File "display_messages.php":
The file "display_messages.php" has to go from this:

'<small>'. sprintf (_("SquirrelMail version %s"), $version) . '<br />'.
_("By the SquirrelMail Project Team") . "<br /></small>\n" ).


to this:

'<small>' . sprintf (_(" "), $version) . '<br />'.
_(" ") . "<br /></small>\n" ).


File "login.php":
The file "login.php" has to be edited from this:

'<small>' . sprintf (_("SquirrelMail version %s"), $version) . '<br />' ."\n".
' ' . _("By the SquirrelMail Project Team") . '<br />' . "\n" ) .


To this:

// '<small>' . sprintf (_("SquirrelMail version %s"), $version) . '<br />' ."\n".
'<small>' . sprintf (_(""), $version) . '<br />' ."\n".
// ' ' . _("By the SquirrelMail Project Team") . '<br /></small>' . "\n" ) .
' ' . _("") . '<br /></small>' . "\n" ) .


File "config.php":
Edit from this:

$org_name = "SquirrelMail";
$org_logo = SM_PATH . 'images/sm_logo.png';
$org_logo_width = '308';
$org_logo_height = '111';
$org_title = "SquirrelMail $version";
$signout_page = '';
$frame_top = '_top';
$provider_uri = 'http://www.squirrelmail.org/';
$provider_name = 'SquirrelMail';


To this: (or something similar)

$org_name = "Webmail Your Corporation";
$org_logo = SM_PATH . 'images/your_corporation_logo.jpg';
$org_logo_width = '125';
$org_logo_height = '100';
$org_title = "Your Corporation";
$signout_page = '';
$frame_top = '_top';
$provider_uri = 'http://www.yourcorp.com';
$provider_name = 'Your Corp';


To edit the file "config.php", you can also use the built-in "conf.pl".
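
Because login.php and display_messages.php are files shipped by the package, a Squirrelmail package update can put the stock lines back. The check below is an added example, not part of the original post: it reports which files still contain the strings replaced above. The function names check_banner and write_samples are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: report which files still carry
# the stock version/credit strings that the post replaces.

# Prints OK/LEAK/SKIP per file. Returns 0 if no file leaks, 1 otherwise.
check_banner() {
    leaks=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "SKIP  $f (not readable)"
            continue
        fi
        # Ignore lines commented out with //, then search what is left.
        if grep -v '^[[:space:]]*//' "$f" | grep -Eq \
            'SquirrelMail version %s|By the SquirrelMail Project Team|org_title[[:space:]]*=.*\$version'
        then
            echo "LEAK  $f"
            leaks=1
        else
            echo "OK    $f"
        fi
    done
    return "$leaks"
}

# Constructed sample input (hypothetical helper): writes a stock and an edited
# copy of the login.php lines, plus a stock $org_title line, into directory $1.
write_samples() {
    cat > "$1/stock.php" <<'EOF'
'<small>' . sprintf (_("SquirrelMail version %s"), $version) . '<br />' ."\n".
' ' . _("By the SquirrelMail Project Team") . '<br />' . "\n" ) .
EOF
    cat > "$1/edited.php" <<'EOF'
// '<small>' . sprintf (_("SquirrelMail version %s"), $version) . '<br />' ."\n".
'<small>' . sprintf (_(""), $version) . '<br />' ."\n".
EOF
    printf '%s\n' '$org_title = "SquirrelMail $version";' > "$1/config_stock.php"
}

# Usage on the paths from the post:
#   check_banner /etc/squirrelmail/config.php \
#       /usr/share/squirrelmail/src/login.php \
#       /usr/share/squirrelmail/functions/display_messages.php
```

A non-zero exit status means at least one file needs the edits reapplied, so the function can be run after each package update.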
