Awstats Exploit
May 18, 2005 Posted by KP
I found the source of my email server problem: I was running an old version of Awstats, which has a known vulnerability that allows remote command execution. After searching the Internet I found that it had been a hot topic several months earlier, especially among bloggers; it’s a shame that I hadn’t even heard of it.
I also found the spam email and the attack source code under /tmp, so I think it’s better to check this directory regularly. I’m not sure whether the spammer gained shell access; the server seems clean.
The lesson: administrators need to check security alerts frequently. Please let me know if you know of some good sources.
If you are using Awstats 6.2 or an earlier version, your server is at great risk; update it now!
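As an added illustration (this script is not from the original entry and not part of Awstats), here is a small audit that does the three things described above: it reads the version out of awstats.pl and flags 6.2 and earlier, counts access-log requests that carry a shell command in awstats.pl’s configdir parameter (the widely published form of this exploit wraps the command in pipe characters, which is the pattern assumed here), and lists files changed under /tmp in the last day. The paths, the sample log lines and the stub awstats.pl are constructed for the demonstration; the version-string format it expects is an assumption.

```sh
#!/bin/sh
# Added example, not from the original post or the Awstats project.
# Quick audit for the three things the post describes:
#   1. which Awstats version is installed (6.2 and earlier are affected),
#   2. whether the access log shows requests that push shell commands
#      through awstats.pl's configdir parameter,
#   3. what has changed in /tmp recently.
# Assumptions: awstats.pl carries a line of the form $VERSION="6.2 (build ...)";
# the log is in Apache common/combined format; all paths are hypothetical.

# Print the major.minor version from an awstats.pl file (empty if not found).
awstats_version() {
    sed -n 's/.*\$VERSION *= *"\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Exit 0 (true) when the version is 6.2 or earlier; an unknown version is
# treated as vulnerable so the check fails safe.
version_is_vulnerable() {
    [ -n "$1" ] || return 0
    echo "$1" | awk -F. '{ exit !($1 < 6 || ($1 == 6 && $2 <= 2)) }'
}

# Count requests to awstats.pl whose configdir value starts with a pipe,
# literal or URL-encoded (%7C).  Assumption: this is the form the published
# exploit used; an attacker may encode it differently, so treat the count
# as a hint, not as proof that the server is clean.
count_exploit_requests() {
    grep -i -E 'awstats\.pl[^ "]*configdir=(%7c|[|])' "$1" | wc -l | tr -d ' '
}

# List regular files under a directory modified within the last N days.
recent_files() {
    find "$1" -type f -mtime "-$2" 2>/dev/null
}

# Run all three checks and print a short report.
audit() {
    v=$(awstats_version "$1")
    if version_is_vulnerable "$v"; then
        echo "Awstats ${v:-unknown}: affected version, upgrade now"
    else
        echo "Awstats $v: outside the affected range"
    fi
    echo "configdir injection attempts in $2: $(count_exploit_requests "$2")"
    echo "files changed under $3 in the last day:"
    recent_files "$3" 1
}

# Constructed sample data for the demonstration (not real log data).
SAMPLE_LOG='203.0.113.7 - - [18/May/2005:03:12:44 +0000] "GET /cgi-bin/awstats.pl?configdir=|id| HTTP/1.1" 200 1234
198.51.100.4 - - [18/May/2005:03:13:01 +0000] "GET /cgi-bin/awstats.pl?config=example.com HTTP/1.1" 200 5678
203.0.113.7 - - [18/May/2005:03:14:10 +0000] "GET /cgi-bin/awstats.pl?configdir=%7Cid%7C HTTP/1.1" 200 1234'
SAMPLE_AWSTATS='my $VERSION="6.2 (build 1.696)";'

# Stand-alone demo on the constructed data.  On a real host call, e.g.:
#   audit /usr/local/www/cgi-bin/awstats.pl /var/log/httpd-access.log /tmp
demo() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_LOG" > "$d/access.log"
    printf '%s\n' "$SAMPLE_AWSTATS" > "$d/awstats.pl"
    mkdir "$d/tmp" && touch "$d/tmp/suspicious.pl"
    audit "$d/awstats.pl" "$d/access.log" "$d/tmp"
    rm -rf "$d"
}
demo
```

On the constructed data the report flags version 6.2, counts two injection attempts (the plain `|id|` and the encoded `%7Cid%7C` request; the ordinary `config=` request is not counted) and lists the freshly created file. A zero count only means nothing matched this one pattern, so the /tmp listing and a version upgrade still matter.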
Here is a great blog entry about this exploit, with lots of helpful comments containing security suggestions and resources.
Related Posts:
- Install Awstats on FreeBSD
- Email Problem Follow-up
- Install Awstats 6.5 Without Ports
- Update AwStats with Cron Job
- Arbitrary Code Execution Vulnerability in Awstats 6.4
- Spam Email
- Great FreeBSD Security Page
- A One-year Look Back
Filed Under: Security
January 6th, 2006 at 6:01 pm
It is useful to use awstats as a static weblogger.
I recommend not using awstats-cgi; just make static reports once per hour using awstats_buildstaticpages.pl. It is more than enough for statistics.
January 6th, 2006 at 6:33 pm
That’s a good idea, chexov, I never thought of that.
Thanks!