You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bill Parker <do...@netnevada.net> on 2005/03/22 05:14:12 UTC
[users@httpd] Apache and AWstats exploit
Hi All,
In reading the list, I have noticed that people have been talking about the AWstats exploit. I had AWstats 6.2 installed (running 6.4 now), but the only people who can get ssh access to the box are tech types in our office, and I only run the awstats.pl --update and generate a static HTML page once a day with no links on the page to click on to update statistics remotely. Is this something that I should be worried about, or is a static HTML page for AWstats not expoitable?
Bill
Re: [users@httpd] Apache and AWstats exploit
Posted by "Anthony G. Atkielski" <an...@atkielski.com>.
Bill Parker writes:
> In reading the list, I have noticed that people have been talking
> about the AWstats exploit. I had AWstats 6.2 installed (running 6.4
> now), but the only people who can get ssh access to the box are tech
> types in our office, and I only run the awstats.pl --update and
> generate a static HTML page once a day with no links on the page to
> click on to update statistics remotely. Is this something that I
> should be worried about, or is a static HTML page for AWstats not
> expoitable?
Static pages are safe.
--
Anthony
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org