People are following links to your site using their passwords in the referal url you recieve from them you mean or?

They're just clicking on my referral links in their log.

Their password is already in the URL. That's the problem.

Is this an Awstats bug? It seems very recent - I don't remember seeing this before.

TJ

Nah, who knows? I've never needed the password option for awstats so I can't help you there.

You should never ever leave your stats open to public access.....

Just checked it with a couple of AWStats installations and it is not happening - so it must be a configuration thing.

Sounds like a good reason to paste the URL into your browser address bar. No referring url.

I've disabled my referer header anyway, but just to be on the extra-safe side, I never leave a sensitive page for another website, nor do I come to a sensitive page from another website. New tabs all the way! ;)

You should definitely forward your info to the AWStats guys, but I can't replicate what you are seeing with the latest beta, the latest stable, or the previous stable I just checked.

There is a recent awstats hack on linux. This hack involves a program called shellbot. Awstats is tricked into loading the worm into your /tmp or /var/tmp directory. The shellbot uses your bandwidth for various activities. Search GG for more information. Recently, I discovered I had been hacked by this. Though, I do not have awstats, someone was still able to trick one of my perl scripts into loading the program. the shellbot actually caused my system to crash (I lost money).

Sorry, I had lost track of this thread.

It vanished quite quickly. I didn't get around to sending examples to awstats - didn't get time, but I haven't had any of these since.

Was very odd though. My guess is it was a bug.

TJ

I'm going to send you a sticky ...