My server (with awstats 6.4 installed) was hacked because of an awstats exploit, found e.g. here:
Until there is a fixed version of awstats, I recommend everyone deactivate awstats as CGI.
I don't understand...
It seems the 3 security holes used by that exploit are fixed in awstats 6.4 (see below). Are you sure it's that exploit that was used successfully to hack your server? Can you provide more details perhaps?
PS Setting "DebugMessages=0" in the awstats config can help too, giving away less valuable information. And setting a simple .htaccess helps too (that exploit couldn't work out of the box with HTTP auth).
PPS I tried that exploit on a server running awstats 6.4 without success, even modifying it to fit my particular config.
The 3 different holes:
configdir (fixed in 6.3)
logfile (fixed in 6.4)
pluginmode (fixed in 6.4)
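A defender-side check for the three parameters listed above, added here as an example and not code from the thread or from the awstats project: it scans Apache access-log lines for awstats.pl requests whose configdir, logfile or pluginmode values fall outside a conservative allow-list (or contain ".."), which is what a reader reviewing their own logs after this thread would want to see. The log lines and client addresses are constructed samples; the allow-list is an assumption about what those values legitimately look like.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The three awstats.pl parameters the thread names as the patched holes.
WATCHED_PARAMS = ("configdir", "logfile", "pluginmode")
# Assumed allow-list for those values: a plain word or path; anything else is flagged.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_./-]*$")

# Apache common-log prefix: client, identd, user, [timestamp], "METHOD target proto", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def flag_awstats_request(line):
    """Return a finding dict for a suspicious awstats.pl request, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/awstats.pl"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = {
        p for p in WATCHED_PARAMS
        for v in query.get(p, [])
        if not SAFE_VALUE.match(v) or ".." in v
    }
    if not bad:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "status": int(m.group("status")), "params": sorted(bad)}

def scan_log(lines):
    """Run flag_awstats_request over an iterable of log lines and collect the findings."""
    return [hit for hit in map(flag_awstats_request, lines) if hit is not None]

# Constructed sample lines (documentation addresses, not from any real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2005:08:01:12 +0100] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.0" 200 5120',
    '203.0.113.9 - - [10/Feb/2005:08:02:30 +0100] "GET /cgi-bin/awstats.pl?configdir=%7Cplaceholder HTTP/1.0" 200 812',
    '203.0.113.9 - - [10/Feb/2005:08:02:31 +0100] "GET /cgi-bin/awstats.pl?pluginmode=..%2F..%2Fplaceholder HTTP/1.0" 200 812',
    '192.0.2.4 - - [10/Feb/2005:08:03:00 +0100] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Run it against a real access log with `scan_log(open("access_log"))`; a hit on a server still running a version older than 6.4 is worth following up.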
I'm sorry, you're right, these 3 exploits don't work with v6.4!
I think my server was hacked with v6.3 installed..
Again I'm sorry, yesterday I was maybe a little confused and stressed about fixing all the security holes on my server, so I maybe ran these exploits against the old v6.3...
And of course, using .htaccess is always a good idea against CGI attacks; I forgot about this.