  1. #1

    AWStats and security concerns

    I'm fully aware of the recent AWStats exploits and I'm not sure if it's been 100% addressed or not, but being as there are no other stats programs that give as much info for the price, I'm inclined to offer it server-wide.

    My concern is the CGI issue. I know that you can disable the option and not allow web-based updating, but if I install it server level, will that prevent the clients from overriding it?

    I'd LOVE to use Urchin, but the cost is prohibitive at the moment.

  2. #2
    Join Date
    Jul 2005
    You can configure AWStats in a way that will not require CGI at all. It will parse access logs and generate plain HTML files with reports for all users periodically.
    Customers won't have access to AWStats scripts, so they won't be able to override anything.
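
The CGI-free setup described in post #2, sketched as an added example that is not part of the original thread: a root-owned script, run from cron, that builds static report pages with AWStats' `awstats_buildstaticpages.pl` tool and skips any site config that turns on `AllowToUpdateStatsFromBrowser`. All paths and the function names are assumptions for illustration; `awstats.pl` should live outside any web-served `cgi-bin`.

```shell
#!/bin/sh
# Added example: build static AWStats reports from root's cron, no CGI exposed.
# All paths below are assumed defaults; override them for your install.
AWSTATS_CONF_DIR="${AWSTATS_CONF_DIR:-/etc/awstats}"
AWSTATS_TOOLS="${AWSTATS_TOOLS:-/usr/local/awstats/tools}"
AWSTATS_PROG="${AWSTATS_PROG:-/usr/local/awstats/wwwroot/cgi-bin/awstats.pl}"
REPORT_ROOT="${REPORT_ROOT:-/var/www/stats}"

# Print one site name per awstats.<site>.conf file, rejecting unsafe names
# so a crafted file name can never reach the command line or the output path.
list_sites() {
    for conf in "$AWSTATS_CONF_DIR"/awstats.*.conf; do
        [ -f "$conf" ] || continue
        site=${conf##*/awstats.}
        site=${site%.conf}
        case "$site" in
            ''|.*|*[!A-Za-z0-9._-]*) echo "skip unsafe name: $site" >&2; continue ;;
        esac
        echo "$site"
    done
}

# Succeeds unless the config enables browser-triggered updates.
browser_update_disabled() {
    ! grep -Eq '^[[:space:]]*AllowToUpdateStatsFromBrowser[[:space:]]*=[[:space:]]*1' "$1"
}

# Update statistics and write plain HTML for every accepted site.
build_reports() {
    for site in $(list_sites); do
        conf="$AWSTATS_CONF_DIR/awstats.$site.conf"
        if ! browser_update_disabled "$conf"; then
            echo "refusing $site: AllowToUpdateStatsFromBrowser=1" >&2
            continue
        fi
        out="$REPORT_ROOT/$site"
        # Root-owned and world-readable: customers can view but not modify.
        mkdir -p "$out" && chmod 755 "$out"
        perl "$AWSTATS_TOOLS/awstats_buildstaticpages.pl" \
            -config="$site" -update -awstatsprog="$AWSTATS_PROG" -dir="$out"
    done
}

# Do the work only when called as: script.sh run
if [ "${1:-}" = "run" ]; then build_reports; fi
```

Keeping the config directory writable by root only is what stops customers from overriding these settings.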

  3. #3
    Join Date
    Jul 2004
    U.A.E >> Dubai
    A good mod_security rule will help you too.
    SecurityWay.Net Managed Solutions
    Linux Security,Domain Registration Service,eNom Reseller Account from an ETP.
    Believe an expert, believe on who has had experience.

  4. #4
    Join Date
    Apr 2002
    I don't believe there are any known issues with the latest version, 6.4.

  5. #5
    Originally posted by SmartActive
    A good mod_security rule will help you too.
    mod_security and DirectAdmin/CentOS don't play nice.

  6. #6
    Originally posted by ArtieFishill
    mod_security and DirectAdmin/CentOS don't play nice.
    Not sure how you can qualify that statement, seeing as mod_security is an Apache module and can be installed on either of those platforms without any issues at all. It's almost like installing ssh these days, you need it.

    What do you mean exactly it doesn't play nice with DirectAdmin or CentOS?
