Greenguy's Board


Old 2005-02-09, 09:45 PM   #1
Wazza
AWstats users please read

Serious vulnerability discovered - upgrade to v6.3 asap

http://www.icetalk.com/awstats-N3620.html
__________________
I sale Internet

My sites have no traffic and no PR - let's trade - PM me
Old 2005-02-10, 07:56 AM   #2
Kappi
tnx for the notice!
__________________
GetBlogTraffic.com | A comprehensive list of blog traffic resources
Old 2005-02-10, 09:34 AM   #3
Useless
I've been looking for a step by step tutorial on how to upgrade, but can't find one.
__________________
Click here to purchase a bridge I'm selling.
Old 2005-02-10, 03:15 PM   #4
DangerDave
Upgrading AWStats to a new version
To upgrade AWStats from an old version to a new one, all you have to do is:

* Check your Perl version is at least 5.005_03 (or higher). For this you can run perl -v command.

* Replace AWStats runtime files by new ones. For this you can:
- decompress new AWStats zip or tgz package to old install directory (AWStats old runtime files are replaced by new ones. This works whatever is the old and new version, 3.x, 4.x, 5.x, 6.x).
- or just run your OS package tool (rpm, apt, or just .exe for windows).

* Your setup files should not be lost as AWStats default distribution should not overwrite config file (it provides only one config file example called awstats.model.conf). However some packages are not official, so you can save and restore AWStats config files (awstats*.conf) if you prefer.
Sometimes, there is new parameter supported by the new version. Since those parameters are not present in old config files, AWStats will use default values for them, to work as it did when those parameters did not exist, so there is no need to add them, except if you want to use differently the new feature.

Note 0: Perl 5.005_03 or higher is a requirement to use AWStats 6.0 or higher.
Note 1: When migrating to 6.x series, if you use the ExtraSections feature, you must check that the parameter(s) ExtraSectionConditionX use a full REGEX syntax (with 5.x series, this parameter could contain simple string values). If not, feature will be broken.
Note 2: When migrating to 6.x series, if you use the Misc feature, you must check that your ShowMiscStats parameter is set to "ajdfrqwp", if you want to have all miscellaneous info reported (you must also have added the awstats_misc_tracker.js script in your home page as described in MiscTrackerUrl parameter description). Otherwise the new default value "a" will be used (only the "Add to favourites" will be reported).
Note 3: In 6.x series, MaxLengthOfURL parameter has been renamed into MaxLengthOfShownURL
Note 4: When migrating to 6.x series, to enable the new worm detection, you must add parameter LevelForWormsDetection=2 in your config file.
Note 5: When migrating to 6.x series, if you used the urlalias or userinfo plugin, you must move the urlalias.*.txt or userinfo.*.txt file from Plugins directory to DirData directory.

* Your old analyzed data should not be lost since your 'history files' are saved in the directory defined in DirData parameter in your AWStats config file and 'history files' format is compatible with each new version of AWStats since 5.x series. If you upgrade from 3.x or 4.x series to 5.x, 6.x or higher, AWStats will still be able to 'read' your old history files but a warning will appear to ask you to run the 'migrate' process on your old data files. Just run the command that will appear in warning message. This warning will appear only after upgrade from 3.x or 4.x series to a 5.x, 6.x or higher version and only if 'migrate' is necessary.
__________________
Old Dollars >>>> Now with over 90 Hosted Free Sites <<<<
DangerDave.com.au - Adult Links to Free Porn
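Added example (not part of the thread and not AWStats project code): a small checker that applies migration Notes 1-5 from the post above to the text of an awstats*.conf file before an upgrade to the 6.x series. The sample config is constructed, and treating a repeated key as "last value wins" is an assumption of this sketch.

```python
import re

# Constructed sample of a 5.x-era config; every value here is made up.
SAMPLE_CONF = '''\
# awstats.example.conf
DirData="/var/lib/awstats"
MaxLengthOfURL=72
ShowMiscStats=a
LoadPlugin="urlalias"
ExtraSectionCondition1="/cgi-bin/myscript.pl"
'''

def parse_conf(text):
    """Return (key, value) pairs from Key=Value or Key="Value" lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'^(\w+)\s*=\s*"?(.*?)"?\s*$', line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs

def migration_findings(text):
    """Return (note_number, message) pairs for Notes 1-5 of the upgrade post."""
    pairs = parse_conf(text)
    last = dict(pairs)  # assumption: a repeated key keeps its last value
    out = []
    for key, value in pairs:
        if re.fullmatch(r"ExtraSectionCondition\d+", key):
            out.append((1, f"{key}={value!r}: confirm this is full regex syntax"))
    missing = sorted(set("ajdfrqwp") - set(last.get("ShowMiscStats", "a")))
    if missing:
        out.append((2, "ShowMiscStats will not report: " + "".join(missing)))
    if "MaxLengthOfURL" in last and "MaxLengthOfShownURL" not in last:
        out.append((3, "rename MaxLengthOfURL to MaxLengthOfShownURL"))
    if last.get("LevelForWormsDetection") != "2":
        out.append((4, "add LevelForWormsDetection=2 to enable worm detection"))
    for key, value in pairs:
        plugin = value.split()[0] if value.split() else ""
        if key == "LoadPlugin" and plugin in ("urlalias", "userinfo"):
            out.append((5, f"move {plugin}.*.txt from Plugins to DirData"))
    return out

if __name__ == "__main__":
    for note, message in migration_findings(SAMPLE_CONF):
        print(f"Note {note}: {message}")
```

Note 1 is only flagged for manual review, since whether a value is a "full regex" cannot be decided mechanically.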
Old 2005-02-10, 06:26 PM   #5
Verbal
Thanks for the heads up.
__________________
Verbal
Old 2005-02-12, 06:55 PM   #6
FTS
just updated my awstats, thanks for the info..
Old 2005-02-12, 11:27 PM   #7
PR_Tom
Interestingly, when I informed my tech about this post, he let me know that the way my setup is, awstats isn't vulnerable as described (which is good).
But in the last 2 days, people have been apparently scanning my cgi-bin's for copies of awstats.
Maybe I'll create "awstats.cgi" and grab some info on the would-be evil-doers, lol
__________________
PimpRoll
Old 2005-02-12, 11:33 PM   #8
Robbo
PR Tom, I've been seeing those too. Must be people scanning since they heard of the vulnerability. I did notice my server setup nicely to cure that problem!
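Added example (not part of the thread): one way to spot the cgi-bin scanning described in posts #7 and #8 from a web server access log, and to list which awstats script locations actually answer and therefore need the upgrade. The log lines are constructed, use documentation IP ranges, and assume the Apache combined log format.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Apache combined format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [11/Feb/2005:02:14:01 -0500] "GET /cgi-bin/awstats.pl HTTP/1.0" 404 210 "-" "-"
203.0.113.7 - - [11/Feb/2005:02:14:02 -0500] "GET /cgi-bin/awstats/awstats.pl HTTP/1.0" 404 218 "-" "-"
203.0.113.7 - - [11/Feb/2005:02:14:02 -0500] "GET /stats/awstats.pl HTTP/1.0" 404 208 "-" "-"
198.51.100.20 - - [11/Feb/2005:09:30:15 -0500] "GET /cgi-bin/awstats.pl?config=example.com HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Feb/2005:17:02:40 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.99 - - [12/Feb/2005:21:45:09 -0500] "GET /cgi-bin/awstats.cgi HTTP/1.0" 404 211 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
SCRIPT_RE = re.compile(r"/awstats\.(?:pl|cgi)$", re.IGNORECASE)

def awstats_requests(log_text):
    """Yield (client, path, status) for requests whose path ends in awstats.pl/.cgi."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if SCRIPT_RE.search(path):
            yield client, path, int(status)

def find_probers(log_text, min_paths=2):
    """Clients that requested >= min_paths distinct awstats locations answering 404."""
    misses = defaultdict(set)
    for client, path, status in awstats_requests(log_text):
        if status == 404:
            misses[client].add(path)
    return {c: sorted(p) for c, p in misses.items() if len(p) >= min_paths}

def exposed_paths(log_text):
    """Paths where an awstats script actually answered (2xx): the copies to upgrade."""
    return sorted({p for _, p, s in awstats_requests(log_text) if 200 <= s < 300})

if __name__ == "__main__":
    print("probing clients:", find_probers(SAMPLE_LOG))
    print("reachable copies:", exposed_paths(SAMPLE_LOG))
```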
Old 2005-02-13, 04:06 AM   #9
stuveltje
Thanks for the heads up, my host did all the AWStats upgrading for me, so all would be OK for me now.
Old 2005-02-13, 07:29 AM   #10
Wazza
They did actually get into our server using this method - installed an irc bot, some tools for attacking other servers and some other stuff that I can't remember.

All that crap was owned by apache so they didn't actually gain proper control. But managed to push our usage up to 32mbps which made it pretty clear something was amiss (thanks fools, you sent up a flare and we fucked you off inside of an hour). We did have awstats running as a cgi...
Old 2005-02-13, 04:29 PM   #11
Robbo
Wazza glad to hear you took care of them! Jackasses all of them!