Bug in Awstats - Page 2

Code3TJ · February 10th, 2005, 6:39 AM

Welp, just did a google search on awstats and this was 4th on the list. Not the sort of info I want floating around if we're not using an updated version.

mikespe · February 10th, 2005, 5:11 PM

+I am requesting to the admins here that AWStats be disabled until it can be updated. Yes I know there are security measures in place but this is obviously serious...Please disable AWStats

Thank You

WildCherry · February 22nd, 2005, 7:30 PM

I still have version 6.2, my boyfriend has 6.3. He uses surpass also but on a different server.

mikespe · February 22nd, 2005, 8:28 PM

well its been 2 weeks since my original post about this FLAW yet no one has updated AWEstats on pass16 yet? I am sorry but this worries me that a host won't update a software when it is proven that it comprimises security...

graue · February 22nd, 2005, 8:51 PM

I agree. Surpass, fix this! Now!

**Ehaanaes** · February 23rd, 2005, 8:31 AM

i have v 6.3 on my server. Along with v 10.x.x of WHM and cPanel.

Moahhaha. *eviler looks*

But, just email support and they will probably fix it asap.

Code3TJ · February 23rd, 2005, 2:45 PM

Quote:

Originally Posted by Ehaanaes

But, just email support and they will probably fix it asap.

I wish - sent a ticket on 2-8-05 and it's been on hold since.

Quote:

Awstats in the server is integrated with cpanel. If we upgrade awstats manually, it will not work properly with cpanel. We had contacted cpanel support regarding this and they assures that they will release upgraded version soon.

We have installed some security features in the server, which will deny the possible attacks using security hole in awstats.

This helps a little bit, but why are some servers upgraded and others not?

Tarraco · March 9th, 2005, 5:07 AM

Hi friends!

Up to now, we are protected, because Awstats is password protected, for this anybody outsite of surpass cannot use the exploid.

This is a terrible exploid, my home linux-server was hacked using this bug some weeks ago. I have had to reinstall all the system, and unfortunately I have decide to migrate to a windows 2000 server (about half day to install all services again: apache, mysql, dns, routing, mail server...) and cacti stats (I'm a fan of statics!)

February 10th, 2005, 6:39 AM	#10 (permalink)
Code3TJ Registered User Seasoned Poster Joined in Jan 2004 Hosted on Pass51 62 posts Gave thanks: 0 Thanked 0 times	Welp, just did a google search on awstats and this was 4th on the list. Not the sort of info I want floating around if we're not using an updated version. __________________ Jeep Horizons - Pass51 California Jeeper - Pass51

February 10th, 2005, 5:11 PM	#11 (permalink)
mikespe Registered User Comfy Contributor Joined in Oct 2004 132 posts Gave thanks: 1 Thanked 0 times	+I am requesting to the admins here that AWStats be disabled until it can be updated. Yes I know there are security measures in place but this is obviously serious...Please disable AWStats Thank You __________________ SERVER: PASS 16

February 22nd, 2005, 8:28 PM	#13 (permalink)
mikespe Registered User Comfy Contributor Joined in Oct 2004 132 posts Gave thanks: 1 Thanked 0 times	well its been 2 weeks since my original post about this FLAW yet no one has updated AWEstats on pass16 yet? I am sorry but this worries me that a host won't update a software when it is proven that it comprimises security... __________________ SERVER: PASS 16

February 22nd, 2005, 8:51 PM	#14 (permalink)
graue Registered User Comfy Contributor Joined in Dec 2004 Lives in Fairfax, VA, USA Hosted on sh57 247 posts Gave thanks: 0 Thanked 0 times	I agree. Surpass, fix this! Now! __________________ Ben the Benly Benis: the greatest webcomic in existence. (on sh57)

February 23rd, 2005, 8:31 AM	#15 (permalink)
Ehaanaes Forum Moderator Super #1 Joined in Aug 2003 Lives in Norway Hosted on Minerva 1,215 posts Gave thanks: 0 Thanked 0 times	i have v 6.3 on my server. Along with v 10.x.x of WHM and cPanel. Moahhaha. eviler looks But, just email support and they will probably fix it asap. __________________ Owner of Minerva and Server :: Beatiful P4's Surpass http://www.case-spider.com Winner of the Surpassies 2004 - Most Spirit. :bravo: Google = Friend!

February 22nd, 2005, 7:30 PM	#12 (permalink)
WildCherry Registered User Seasoned Poster Joined in Aug 2004 Lives in Colorado (mostly) and Texas 53 posts Gave thanks: 0 Thanked 0 times	I still have version 6.2, my boyfriend has 6.3. He uses surpass also but on a different server.

March 9th, 2005, 5:07 AM	#17 (permalink)
Tarraco Registered User Fresh Surpasser Joined in Jan 2005 Lives in Spain 4 posts Gave thanks: 0 Thanked 0 times	Hi friends! Up to now, we are protected, because Awstats is password protected, for this anybody outsite of surpass cannot use the exploid. This is a terrible exploid, my home linux-server was hacked using this bug some weeks ago. I have had to reinstall all the system, and unfortunately I have decide to migrate to a windows 2000 server (about half day to install all services again: apache, mysql, dns, routing, mail server...) and cacti stats (I'm a fan of statics!)

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread: