Security Basics mailing list archives

Re: GET //awstats.pl? in apache logs

From: highwaycode () securityfocus com, "[a]"@securityfocus.com, hotmail.com () securityfocus com
Date: 24 Oct 2005 12:23:59 -0000

Some versions of awstats had a vun which allowed command execution, I assume someone created a bot to test random 
DNS/IP addresses in the hope of finding a vulnerable server. Once found the bot would usually copy itself to the server 
and begin spreading.

If you do not have awstats installed this is not something I would worry about, If you are worried about future threats 
try installing something like mod_security.

Current thread:

GET //awstats.pl? in apache logs Konstantine (Oct 24)
- Re: GET //awstats.pl? in apache logs ilaiy (Oct 24)
- Re: GET //awstats.pl? in apache logs Andreas Constantinides (MegaHz) (Oct 24)
- Re: GET //awstats.pl? in apache logs FocusHacks (Oct 24)
- Re: GET //awstats.pl? in apache logs Can't dig that daddy (Oct 24)
  - RE: GET //awstats.pl? in apache logs mail list (Oct 24)
    - Message not available
    - Fwd: GET //awstats.pl? in apache logs Tobias Hahn (Oct 25)
- Re: GET //awstats.pl? in apache logs S.A. Birl (Oct 24)
  - Re: GET //awstats.pl? in apache logs Konstantine (Oct 25)
- <Possible follow-ups>
- Re: GET //awstats.pl? in apache logs [a] (Oct 24)