awstats exploits also with v6.4

Developers
2005-04-13
2012-10-11
  • Sebastian Utz

    Sebastian Utz - 2005-04-13

    My server (with awstats 6.4 installed) was hacked because of an awstats exploit, found e.g. here:
    http://www.frsirt.com/exploits/20050302.awstats_shell.c.php

    Until there is a fixed version of awstats, I recommend that everyone deactivate awstats as CGI.

    • Christophe Chisogne

      I don't understand...

      It seems the 3 security holes used by that exploit
      are fixed in awstats 6.4 (see below). Are you sure it's that exploit that was used successfully to hack your server? Can you perhaps provide more details?

      PS: Setting "DebugMessages=0" in the awstats config can help too, giving away less valuable information. And setting up a simple .htaccess helps too (that exploit couldn't work out of the box with HTTP auth).

      PPS: I tried that exploit on a server running awstats 6.4 without success, even after modifying it to fit my particular config.

      The 3 different holes:

      1. configdir (fixed in 6.3)
        http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=true

      2. logfile (fixed in 6.4)
        http://www.securityfocus.com/bid/10950/solution

      3. pluginmode (fixed in 6.4)
        http://www.frsirt.com/english/advisories/2005/0164

      • Sebastian Utz

        Sebastian Utz - 2005-04-14

        I'm sorry, you're right, these 3 exploits don't work with v6.4!

        I think my server was hacked with v6.3 installed...
        Again I'm sorry, yesterday I was maybe a little confused and stressed trying to fix all the security holes on my server, so I maybe ran these exploits against the old v6.3...

        And of course, using .htaccess is always a good idea against CGI attacks; I forgot about this.
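
An added example, not code from this thread or from the awstats project: a small Python detector for the kind of request the thread is about, run over constructed Apache access-log lines. It assumes the Apache common/combined log format, that awstats is served as /cgi-bin/awstats.pl, and, as a heuristic, that shell metacharacters never appear in legitimate values of the configdir, logfile and pluginmode parameters (the three injection points listed above); a double-encoded value is decoded a second time before the check. It is a triage aid for going back through logs after the fact, not a replacement for upgrading or putting HTTP auth in front of the CGI.

```python
"""Flag awstats.pl requests carrying shell metacharacters in the three parameters
the advisories above cover. Added example: not awstats code; the sample log lines
are constructed for illustration."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Injection points named in the thread: configdir (fixed 6.3), logfile and
# pluginmode (fixed 6.4).
SUSPECT_PARAMS = ("configdir", "logfile", "pluginmode")

# Assumption: legitimate values for these parameters are plain names or paths
# and never contain shell metacharacters.
SHELL_META = re.compile(r"[|;`$&<>(){}\r\n]")

# Apache common/combined log format (assumed); only the fields we need are named.
APACHE_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = APACHE_LINE.match(line)
    return m.groupdict() if m else None


def suspicious_params(target):
    """Map each suspect parameter of an awstats.pl request to its decoded value
    when that value contains shell metacharacters; empty dict otherwise."""
    parts = urlsplit(target)
    if not parts.path.endswith("/awstats.pl"):
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes %XX once
    hits = {}
    for name in SUSPECT_PARAMS:
        for value in query.get(name, []):
            decoded = unquote(value)  # second pass catches double encoding (%257C)
            if SHELL_META.search(decoded):
                hits[name] = decoded
    return hits


def scan(lines):
    """Return (ip, timestamp, hits) for every line that looks like an injection attempt."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hits = suspicious_params(rec["target"])
        if hits:
            findings.append((rec["ip"], rec["ts"], hits))
    return findings


# Constructed sample lines: one benign awstats request, three attempts (one per
# parameter, the second one double-encoded), and one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Apr/2005:10:01:02 +0200] "GET /cgi-bin/awstats.pl?config=example.com HTTP/1.1" 200 4521',
    '192.0.2.9 - - [13/Apr/2005:10:02:15 +0200] "GET /cgi-bin/awstats.pl?configdir=%7Cecho%20pwned%7C HTTP/1.1" 200 312',
    '192.0.2.9 - - [13/Apr/2005:10:02:16 +0200] "GET /cgi-bin/awstats.pl?config=example.com&logfile=%257Cid%257C HTTP/1.1" 200 310',
    '198.51.100.4 - - [13/Apr/2005:10:03:00 +0200] "GET /cgi-bin/awstats.pl?config=example.com&pluginmode=%60id%60 HTTP/1.1" 500 0',
    '203.0.113.7 - - [13/Apr/2005:10:04:00 +0200] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, ts, hits in scan(SAMPLE_LOG):
        print(f"{ts} {ip} {hits}")
```

Run against a real access log with `scan(open("/var/log/apache2/access.log"))`; a 200 response to one of the flagged requests is the line to worry about, since awstats returns its normal page around the injected command. The metacharacter list is deliberately broad, so review the flagged values rather than alerting on every hit blindly.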

