WARNING: AWStats Users!

DangerDave · 2005-03-26, 09:17 PM

There is also a recent security hole in phpBB.. 2nd one in month or so

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563

DD

Useless · 2005-03-26, 11:11 PM

I was doing some research on this and I found that as long as your awstat.pl is protected by htaccess you are fine. If you have it publicly viewable, well then you're in trouble. If you reach it like this: http://domain.com/cgi-bin/awstats/awstats.pl -that's bad. If it can only be accessed via CPanel, which is a protected area, you should be fine without the update.

Do people really install Awstats in public directories? Why?

2005-03-26, 09:17 PM	#1
DangerDave Bonged Join Date: Mar 2003 Location: BrisVegas, AUSTRALIA Posts: 4,882	There is also a recent security hole in phpBB.. 2nd one in month or so http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563 DD __________________ Old Dollars >>>> Now with over 90 Hosted Free Sites <<<< DangerDave.com.au - Adult Links to Free Porn

2005-03-26, 11:11 PM	#2
Useless Certified Nice Person Join Date: Oct 2003 Location: Dirty Undies, NY Posts: 11,268	I was doing some research on this and I found that as long as your awstat.pl is protected by htaccess you are fine. If you have it publicly viewable, well then you're in trouble. If you reach it like this: http://domain.com/cgi-bin/awstats/awstats.pl -that's bad. If it can only be accessed via CPanel, which is a protected area, you should be fine without the update. Do people really install Awstats in public directories? Why? __________________ Click here to purchase a bridge I'm selling.