WARNING: AWStats Users!

GunnCat · 2005-03-26, 03:27 PM

If you are using AWSTats you should read this asap:
http://seclists.org/lists/incidents/2005/Mar/0019.html

We believe this is how we were exploited.

Verbal · 2005-03-26, 03:43 PM

Check this..

http://www.greenguysboard.com/board/...hlight=awstats

same issue?

RonaldBiggs · 2005-03-26, 03:43 PM

http://www.greenguysboard.com/board/...hlight=awstats

R

Verbal · 2005-03-26, 03:43 PM

lol... that is spooky.

GunnCat · 2005-03-26, 04:02 PM

Yah same one bro. Too bad we didn't see that article before. 4th day down the drain. Looks like we might be up by tonite though. Then I can see all the customer cancellation emails from CCBill. Yay.

stuveltje · 2005-03-26, 05:42 PM

my host did the update so i blame them with all what is going wrong with aw stats , they wanted to take that in their own hands because i was fucking up their server, so easy pick

chaser · 2005-03-26, 08:15 PM

Thanks for the heads up. My server was hacked the last couple days, I assume this is how they hacked it. I'll double check to make sure they installed the new version.

DangerDave · 2005-03-26, 08:17 PM

There is also a recent security hole in phpBB.. 2nd one in month or so

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563

DD

Useless · 2005-03-26, 10:11 PM

I was doing some research on this and I found that as long as your awstat.pl is protected by htaccess you are fine. If you have it publicly viewable, well then you're in trouble. If you reach it like this: http://domain.com/cgi-bin/awstats/awstats.pl -that's bad. If it can only be accessed via CPanel, which is a protected area, you should be fine without the update.

Do people really install Awstats in public directories? Why?

GunnCat · 2005-03-27, 01:52 AM

We had ours in an unprotected dir, but the domain isn't one we use. Actually, we had disabled it for most of our sites since it's a resource hog anyways. We had two sites we host for people that had it up still. I always thought it was kind of strange it wasn't behind htaccess, but I forgot to tell my partner.

2005-03-26, 03:27 PM	#1
GunnCat You can now put whatever you want in this space :) Join Date: Aug 2004 Posts: 547	WARNING: AWStats Users! If you are using AWSTats you should read this asap: http://seclists.org/lists/incidents/2005/Mar/0019.html We believe this is how we were exploited.

2005-03-26, 03:43 PM	#2
Verbal Verbal prefers 56K Join Date: Sep 2003 Location: Chicago, IL Posts: 563	Check this.. http://www.greenguysboard.com/board/...hlight=awstats same issue? __________________ Verbal

2005-03-26, 03:43 PM	#3
RonaldBiggs Are you sure you're an accredited and honored pornographer? Join Date: Nov 2004 Posts: 60	http://www.greenguysboard.com/board/...hlight=awstats R __________________

2005-03-26, 03:43 PM	#4
Verbal Verbal prefers 56K Join Date: Sep 2003 Location: Chicago, IL Posts: 563	lol... that is spooky. __________________ Verbal

2005-03-26, 05:42 PM	#6
stuveltje Live and learn. And take very careful notes! Join Date: Apr 2003 Location: Sunny Holland Posts: 6,157	my host did the update so i blame them with all what is going wrong with aw stats , they wanted to take that in their own hands because i was fucking up their server, so easy pick __________________ Canadian Sexlinks - submit Erotica search -submit

2005-03-26, 04:02 PM	#5
GunnCat You can now put whatever you want in this space :) Join Date: Aug 2004 Posts: 547	Yah same one bro. Too bad we didn't see that article before. 4th day down the drain. Looks like we might be up by tonite though. Then I can see all the customer cancellation emails from CCBill. Yay.

2005-03-26, 08:15 PM	#7
chaser Internet! Is that thing still around? Join Date: Sep 2004 Posts: 3	Thanks for the heads up. My server was hacked the last couple days, I assume this is how they hacked it. I'll double check to make sure they installed the new version.

2005-03-26, 08:17 PM	#8
DangerDave Bonged Join Date: Mar 2003 Location: BrisVegas, AUSTRALIA Posts: 4,882	There is also a recent security hole in phpBB.. 2nd one in month or so http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563 DD __________________ Old Dollars >>>> Now with over 90 Hosted Free Sites <<<< DangerDave.com.au - Adult Links to Free Porn

2005-03-26, 10:11 PM	#9
Useless Certified Nice Person Join Date: Oct 2003 Location: Dirty Undies, NY Posts: 11,268	I was doing some research on this and I found that as long as your awstat.pl is protected by htaccess you are fine. If you have it publicly viewable, well then you're in trouble. If you reach it like this: http://domain.com/cgi-bin/awstats/awstats.pl -that's bad. If it can only be accessed via CPanel, which is a protected area, you should be fine without the update. Do people really install Awstats in public directories? Why? __________________ Click here to purchase a bridge I'm selling.

2005-03-27, 01:52 AM	#10
GunnCat You can now put whatever you want in this space :) Join Date: Aug 2004 Posts: 547	We had ours in an unprotected dir, but the domain isn't one we use. Actually, we had disabled it for most of our sites since it's a resource hog anyways. We had two sites we host for people that had it up still. I always thought it was kind of strange it wasn't behind htaccess, but I forgot to tell my partner.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: