If you use awstats make sure you are running a safe version (use glsa-check) - glsa #200501-36
In my apache log yesterday: 217.172.168.109 - - [04/Feb/2005:00:48:51 +0800] "GET //cgi-bin/awstats/awstats.pl?configdir=|%20id%20| HTTP/1.1" 401 534 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 217.172.168.109 - - [04/Feb/2005:00:48:51 +0800] "GET //cgi-bin/awstats.pl?configdir=|%20id%20| HTTP/1.1" 401 534 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" This may or may not have been a probe for the unsafe version, but why is someone looking for awstats when no such link exists on any web page on the server? I had awstats installed a few weeks back, but wasnt using it so when the glsa arrived I uninstalled it and checked that the script was gone from the webserver tree. BillK On Thu, 2005-02-03 at 07:51 -0800, Grant wrote: > > You mentioned using webalizer, the tool i use is similar awstats. It > > produces similar outputs, i found with more information however. It > > depends what your wanting to see. AWStats will show referal information, > > search queries, browser type and version etc. Times the page is views, > > bandwidth usage. http://awstats.sf.net (or emerge awstats) > > I actually used to use AWstats, but switched to Webalizer so I don't > have to run CGIs directly from the URL. I checked out the AWstats > demo recently, and I really didn't see any info that Webalizer leaves > out. Webalizer does include all the types of info you mentioned > above. One thing I'd really like to see that no log analyzer seems to > include is a breakdown of info by day. It always seems to be by > month, and that means I get much more relevant information during the > first couple days of every month when I get to see what happened > during those days. > > - Grant > > > Tim > > -- > [email protected] mailing list > -- William Kenworthy <[EMAIL PROTECTED]> Home! -- [email protected] mailing list
