AW Stats security warning
- Started
- Last post
- 5 Responses
- ribit
If you are running AW Stats on your server make sure you upgrade to fix a security hole.. we just got locked out of our server by 'Simiens Crew' who found a way through AWStats... now we have to rebuild the thing...
- seed0
Yeah, I think you have to upgrade to 6.3 now. I am thinking of installing that on some severs at work. How is it working out for you otherwise? Is it a pain in the ass to install?The demo on the site looks good.
- designerror0
that suck ribit.. when is it gonna be up again?
- ribit0
We had someone install AWStats a few months back...no idea what its like to setup. Seems like a good solution though...theres a features comparison here:
http://awstats.sourceforge.net/We're hoping to have our site back up today... it was such a mess we had to request a clean install of the server, and hoping all our backups are OK (5 years of content and member database...)
We're still looking for someone to do regular part-time Linux/PHP/MySQL server admin for us in London area if anyone has recomendations?
- seed0
I am still thinking of installing AWStats at work but if I screwed up a server due to a software I suggested I would feel like an ass. Hopefully the newer versions are completely secure. If they let one problem go it seems it could happen again though.
- chl0
Yes, it's pretty easy to install. To find an application of any size that's "completely secure" is sort of like finding a pot of gold at the end of the rainbow. The problem here was that the specific hole that was found was a) very easy to exploit and b) let the exploiter do a lot of bad things. So yes, everybody should upgrade, but equally as important is getting yourself on the right mailing lists so that when problems of this nature are found in the future, you don't find out about them because you've been compromised.