« MT-Blacklist Error : Byte Order Is Not Compatible | Main | Email Problem Follow-up »
May 18, 2005
Awstats Exploit
I found the source of my email server problem, it's because I was using an old version of Awstats, which has a known exploit - allows remote command execution. After further search on the Internet, I found that it seemed to be a hot topic on the Internet several months ago, especially among bloggers, it's a shame that I haven't even heard of it.
I also found the spam email and attack source code under /tmp, I think it's better to check this directory regularly. I'm not sure if the spammer gained the shell access, the server seems clean.
The lesson: it's necessary to check out security alert frequently for administrators. Please let me know if you know some good source.
If you are using Awstats 6.2 or earlier versions, your server is at great risk, update it now!
Here is a great blog entry about this exploit, lots of helpful comments with security suggestions and resource.
Category : Security
Posted by FreeBSD Newbie at May 18, 2005 06:06 AM
Comments
It is usefull use awstats as static webloger.
I recomend do not use awstats-cgi, just make static reports one time per hour using awstats_buildstaticpages.pl. It is more than enouth for statistics.
Posted by chexov at January 6, 2006 06:01 PM
That's a good idea, chexov, I never thought of that.
Thanks!
Posted by FreeBSD Newbie at January 6, 2006 06:33 PM