I'm fully aware of the recent AWStats exploits and I'm not sure if it's been 100% addressed or not, but being as there are no other stats programs that give as much info for the price, i'm inclined to offer it server-wide.
My concerns is the CGI issue. I know that you can disable the option and not allow web-based updating, but if I install it server level, will that prevent the clients from overriding it?
I'd LOVE to use Urchin, but the cost is prohibative at the moment.
You can configure AwStats in a way that will not require cgi at all. It will parse access logs and generate plain html files with reports for all users periodically.
Customers won't have access to AwStats scripts, so they won't be able to override anything.
Originally posted by ArtieFishill mod_security and DirectAdmin/CentOS don't play nice.
Not sure how you can qualify that statement, seeing as mod_security is an apache module and can be installed on either of those platforms without any issues at all. It's almost like installing ssh these days, you need it.
What do you mean exactly it doesn't play nice with DirectAdmin or Centos?