Bitten by awstats – update to 6.4!

This morning one of my servers was attacked via awstats, which in versions before 6.4 has several known vulnerabilities.

In our case, the attacker could execute commands under the web server’s identity, not nice.

So, if you’re using awstats, upgrade to 6.4, or in a pinch disable the web access until you upgrade.

And…stats should never be openly accessible, I know this better now ;-)

One Response to Bitten by awstats – update to 6.4!

  1. Also, a lot of nasty web sites use online stats to artificially rise their page rank…

%d bloggers like this: