Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hackers/Crackers targeting sites with older AWStats version


  • Please log in to reply
1 reply to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:08:01 PM

Posted 09 February 2005 - 08:12 AM

This is a hot checklist item for folks hosting Internet websites. While Apache servers are most likely affected, this advanced graphical statistics package also runs on ISS, Webstar and other web severs. The latest 6.3 version of AWStats was released on January 28, 2005. Based on Kaspersky's weblog malicious individuals are actively targeting vulnerable sites.

Hackers/Crackers targeting sites with older AWStats version
http://www.viruslist.com/en/weblog

QUOTE: We are seeing vast numbers of sites being compromised at the moment. These sites are using an older version of AWStats, which is a free tool that generates advanced graphical statistics for web, ftp or mail servers.

There is a vulnerability in AWStats 6.2 and previous versions which leads to remote command execution. This gives an attacker almost full control over the server. This vulnerability was first disclosed on 17th January 2005. It has been fixed in AWStats 6.3, so we urge everybody who is using AWStats to make sure they are using 6.3.

Although we are seeing mostly defacements, you are highly recommended to thoroughly check your servers if you have been running AWStats 6.1 since 17th January.


AWStats - Home Page
http://awstats.sourceforge.net/

AWStats is a free powerful and featureful tool that generates advanced web, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages

Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody"). If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser to 0, you are safe. If not, it is highly recommanded to update to 6.3 version that fix this security hole.

BC AdBot (Login to Remove)

 


m

#2 paperghost

paperghost

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 09 February 2005 - 01:10 PM

http://www.bleepingcomputer.com/forums/t/10836/spyware-warrior-has-been-hacked/

ASAP already had one victim :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users