You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Bill Parker <do...@netnevada.net> on 2005/03/22 05:14:12 UTC

[users@httpd] Apache and AWstats exploit

Hi All,

    In reading the list, I have noticed that people have been talking about the AWstats exploit.  I had AWstats 6.2 installed (running 6.4 now), but the only people who can get ssh access to the box are tech types in our office, and I only run the awstats.pl --update and generate a static HTML page once a day with no links on the page to click on to update statistics remotely.  Is this something that I should be worried about, or is a static HTML page for AWstats not expoitable?

Bill

Re: [users@httpd] Apache and AWstats exploit

Posted by "Anthony G. Atkielski" <an...@atkielski.com>.

Bill Parker writes:

> In reading the list, I have noticed that people have been talking
> about the AWstats exploit. I had AWstats 6.2 installed (running 6.4
> now), but the only people who can get ssh access to the box are tech
> types in our office, and I only run the awstats.pl --update and
> generate a static HTML page once a day with no links on the page to
> click on to update statistics remotely. Is this something that I
> should be worried about, or is a static HTML page for AWstats not
> expoitable?

Static pages are safe.

-- 
Anthony



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org