Warning: AWStats Security Hole discovered!

Discussion in 'Security' started by Redleg, Feb 8, 2005.

  1. #1
    Hackers have already used this security hole to deface www.phpbb.com
    Several popular blogs have been hacked as well.
    http://www.blogherald.com/2005/02/03/awstats-exploit-downs-blogs/

    Update Awstats here:
    http://awstats.sourceforge.net/
     
    Redleg, Feb 8, 2005 IP
  2. ResaleBroker

    ResaleBroker Active Member

    #2
    Holy Moly! Will it ever end? :rolleyes:
     
    ResaleBroker, Feb 8, 2005 IP
  3. joeychgo

    joeychgo Notable Member Premium Member

    #3
    Yeah, it was discovered when they took control over PHPbb's server and locked the phpbb admins out
     
    joeychgo, Feb 8, 2005 IP
  4. Chrissicom

    Chrissicom Guest

    #4
    I think this won't affect awstats users who don't allow public access to their awstats folder right?

    I am using AWStats for almost all my domains on IIS6 but it's only accessible with the server admin username and password through the web not as guest user. The server admin name is not Administrator and it's a highly cryptic password as well, so I think it shouldn't be a problem.
     
    Chrissicom, Feb 9, 2005 IP
  5. mxlabs

    mxlabs Peon

    #5
    yup, I don't think there is any risk when running awstats through cPanel or similar panels which use password protection for stats.
     
    mxlabs, Feb 9, 2005 IP
  6. Guy G

    Guy G Peon

    #6
    Wow, that's major...

    *Updates*
     
    Guy G, Feb 9, 2005 IP
  7. Starbug

    Starbug Guest

    #7
    wow.. I had that installed by my hosting company, without the password protection...

    It's been removed now :D

    Thanks for the info!! :)
     
    Starbug, Feb 9, 2005 IP
  8. Chrissicom

    Chrissicom Guest

    #8
    While we are on the AWStats topic here, has anyone got reverse lookup enabled to see country data, or does it cost too much bandwidth and too many server requests? (Only around 3000 uniques a day on the measured sites.)
     
    Chrissicom, Feb 9, 2005 IP
  9. ziandra

    ziandra Well-Known Member

    #9
    I wish I had seen this message earlier. I just finished cleaning two systems of all the crap the script kiddies dropped on them. I wouldn't have noticed it except one of them did not have enough memory to run their programs ;)

    The good news is ... as long as awstats was the only mistake you made ... they got access as your web server user and couldn't do much harm. The bad news is ... I had to clean up a bunch of mess. It could have been worse. They could have done some real damage. Seems all they wanted in both cases were machines to host IRC bots.
     
    ziandra, Jun 28, 2005 IP
  10. 6th Ave

    6th Ave Peon

    #10
    I get hit with this scan several times a day. Although I'm not vulnerable, it's nice to know what they are looking for. Thanks for the update.
     
    6th Ave, Jun 30, 2005 IP