NamePros
Welcome, Guest! Ready to make a name for yourself in the domain business? We welcome both the hobbyist and professional domainer to join the discussion as part of the NamePros community.

Click here to create your profile to start earning reputation for posting, and trader ratings for buying & selling in our free e-marketplace. Build your trader rating with each successful sale. Our system has tracked over 100,000 sales and counting!
FAQ & TOS Register Search Today's Posts Mark Forums Read

Go Back   NamePros.com > Domain Name Discussion Forums > Domain Names > Industry News
Reload this Page AWStats security warning

Industry News Reporting and discussion of the latest news affecting the Internet industries.

Advanced Search
1 members in live chat ~  


Closed Thread
 
LinkBack Thread Tools
Old 02-08-2005, 12:15 PM THREAD STARTER               #1 (permalink)
aww
Senior Member
 
aww's Avatar
Join Date: Jan 2004
Posts: 1,187
aww is a jewel in the roughaww is a jewel in the roughaww is a jewel in the rough
 

Caution AWStats security warning

Please be advised, the popular AWStats program before version 6.3, apparently has a big security hole:
http://lists.netsys.com/pipermail/fu...ry/031002.html
Quote:
Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").
If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser to 0, you are safe. If not, it is highly recommended to update to 6.3 version that fix this security hole.
PHPbb was taken down using the above technique as well as several large blogs.
????: NamePros.com http://www.namepros.com/industry-news/69023-awstats-security-warning.html

More info also available at netcraft, article.

Update here: http://awstats.sourceforge.net/
aww is offline  
Old 02-08-2005, 12:38 PM   #2 (permalink)
Senior Member
 
{insert name here}'s Avatar
Join Date: Dec 2004
Posts: 1,304
{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light
 


Breast Cancer
I saw that phpbb.com was attacked yesterday, but at that time, they had not released any info on how and what had happened! Thanks for posting this info!

Its too bad that had to happen to phpbb, but what I am wondering is why they would only run there comunity off one server. At the magnitude they run, you would think they would be on two servers atleast for reasons such as this! HMM.
__________________
You got no time for the messenger,
got no regard for the thing that you don't understand,
you got no fear of the underdog,
that's why you will not survive!
{insert name here} is offline  
Closed Thread

« Experts: international domain names may pose threat | Domains for Charity - please read »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


 
All times are GMT -7. The time now is 08:32 AM.

Contact Us - NamePros.com - Privacy Statement - Top
Domain name forum recommended by Domaining.com Powered by: vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.6.0 Ad Management plugin by RedTyger