AWSTATS Security Hole

Upgrade to latest release - or else...

         

PhraSEOlogy

5:46 pm on Feb 22, 2005 (gmt 0)

10+ Year Member



Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").

[awstats.sourceforge.net]

My server was hacked using this security hole and I just wanted to let you guys know.

nuevojefe

9:51 pm on Feb 23, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



We had one go down as well. It's definitely a threat, so take PhraSEOlogy's advice and get the fix if need be.

BwanaZulia

1:37 pm on Feb 24, 2005 (gmt 0)

10+ Year Member



Also a good reason to run AWStats CGI behind an Apache username and password.

BZ
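
Added example, not part of the original thread: a small POSIX shell inventory that finds copies of `awstats.pl` under the directories you give it and flags any whose version falls in the 5.0 to 6.2 range named in the first post. It assumes the script declares its version on a `$VERSION="6.2 (build $REVISION)";` style line; the function names, output format and paths in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example: flag awstats.pl copies in the range named in the post
# (AWStats 5.0 through 6.2). Paths and output format are illustrative.

# Print MAJOR.MINOR from one awstats.pl file, or nothing if not found.
# Assumption: the script sets its version on a line such as
#   $VERSION="6.2 (build $REVISION)";
awstats_version() {
    sed -n 's/^[[:space:]]*\$VERSION[[:space:]]*=[[:space:]]*"\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$1" |
        head -n 1
}

# Return 0 if version $1 is in 5.0..6.2, 1 if outside, 2 if unparsable.
awstats_affected() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*|.*|*.) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    minor=${1#*.}
    if [ "$major" -eq 5 ]; then return 0; fi
    if [ "$major" -eq 6 ] && [ "$minor" -le 2 ]; then return 0; fi
    return 1
}

# Search the given directories and print one status line per copy found.
scan_awstats() {
    find "$@" -type f -name 'awstats.pl' 2>/dev/null |
    while IFS= read -r f; do
        v=$(awstats_version "$f")
        if [ -z "$v" ]; then
            echo "UNKNOWN - $f"      # version line not recognised: check by hand
        elif awstats_affected "$v"; then
            echo "AFFECTED $v $f"    # upgrade, or remove the CGI
        else
            echo "ok $v $f"
        fi
    done
}

# Usage: sh check_awstats.sh /usr/lib/cgi-bin /var/www /home
if [ "$#" -gt 0 ]; then
    scan_awstats "$@"
fi
```

Copies reported as `UNKNOWN` did not match the assumed version line and need a manual look; forgotten copies in old virtual hosts or user home directories are the ones most often missed.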