WARNING: AWStats Users!
If you are using AWStats you should read this ASAP:
http://seclists.org/lists/incidents/2005/Mar/0019.html
We believe this is how we were exploited.
lol... that is spooky.
Yah same one bro. Too bad we didn't see that article before. 4th day down the drain. Looks like we might be up by tonite though. Then I can see all the customer cancellation emails from CCBill. Yay.
My host did the update, so I blame them for everything that is going wrong with AWStats. They wanted to take that into their own hands because I was fucking up their server, so easy pick :D
Thanks for the heads up. My server was hacked the last couple days, I assume this is how they hacked it. I'll double check to make sure they installed the new version.
There is also a recent security hole in phpBB... 2nd one in a month or so
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563
DD
I was doing some research on this and I found that as long as your awstats.pl is protected by htaccess you are fine. If you have it publicly viewable, well then you're in trouble. If you reach it like this: http://domain.com/cgi-bin/awstats/awstats.pl, that's bad. If it can only be accessed via cPanel, which is a protected area, you should be fine without the update.
Do people really install AWStats in public directories? Why?
We had ours in an unprotected dir, but the domain isn't one we use. Actually, we had disabled it for most of our sites since it's a resource hog anyways. We had two sites we host for people that had it up still. I always thought it was kind of strange it wasn't behind htaccess, but I forgot to tell my partner.
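A static check for the condition discussed in the posts above, added here as an example (not code from the thread or from the AWStats project): it finds every awstats.pl under a web root and reports whether an .htaccess in its directory or a parent directory demands a login. The sample directory tree, the placeholder AuthUserFile path and all function names are constructed for illustration.

```python
import os
import re
import tempfile

# Directives that make Apache demand credentials; commented-out lines do not match.
AUTH_RE = re.compile(r"^\s*require\s+(valid-user|user\s|group\s)", re.I | re.M)

def htaccess_requires_auth(directory, root):
    """Walk from `directory` up to `root`; True if any .htaccess demands a login."""
    directory, root = os.path.abspath(directory), os.path.abspath(root)
    while True:
        path = os.path.join(directory, ".htaccess")
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                if AUTH_RE.search(fh.read()):
                    return True
        if directory == root or os.path.dirname(directory) == directory:
            return False
        directory = os.path.dirname(directory)

def audit_awstats(root):
    """Return {path to awstats.pl: protected?} for every copy under `root`."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if "awstats.pl" in files:
            script = os.path.join(dirpath, "awstats.pl")
            results[script] = htaccess_requires_auth(dirpath, root)
    return results

def build_sample_tree():
    """Constructed sample layout: one exposed copy, one behind Basic auth."""
    root = tempfile.mkdtemp()
    exposed = os.path.join(root, "site-a", "cgi-bin", "awstats")
    guarded = os.path.join(root, "site-b", "cgi-bin", "awstats")
    for d in (exposed, guarded):
        os.makedirs(d)
        open(os.path.join(d, "awstats.pl"), "w").close()
    with open(os.path.join(root, "site-b", "cgi-bin", ".htaccess"), "w") as fh:
        fh.write('AuthType Basic\nAuthName "stats"\n'
                 "AuthUserFile /placeholder/.htpasswd\nRequire valid-user\n")
    return root, exposed, guarded

if __name__ == "__main__":
    sample_root, _, _ = build_sample_tree()
    for script, ok in sorted(audit_awstats(sample_root).items()):
        print(("protected  " if ok else "EXPOSED    ") + script)
```

This only reads files on disk: an .htaccess has no effect unless the server's AllowOverride setting permits auth directives, so confirm the result with an unauthenticated request to the script's URL.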
© Greenguy Marketing Inc