Watch out for unpatched awstats

I got an entry in my error log today.

Someone had tried to access the awstats script in the cgi-bin. Only there’s no awstats script in the cgi-bin.

The explanation is that older versions of the scripts are vulnerable.

Shame on you, hacker:
200.162.230.111

One Response to “Watch out for unpatched awstats”

  1. Steven Says:

    Got the same thing myself over the past few weeks.

    The following being the latest:

    2005-03-02 18:27:40 80.237.203.15 - 80 GET /cgi-bin/awstats/awstats.pl configdir=|%20id%20| 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) -
    2005-03-02 18:27:40 80.237.203.15 - 80 GET /cgi-bin/awstats.pl configdir=|%20id%20| 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) -
    2005-03-02 18:27:40 80.237.203.15 - 80 GET /cgi/awstats.pl configdir=|%20id%20| 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) -
    2005-03-02 18:27:41 80.237.203.15 - 80 GET /Default.asp - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
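
A way to find these probes in your own logs, added here as an example (it is not part of the original post or of Steven's comment): it flags `awstats.pl` requests whose `configdir` parameter contains shell metacharacters and separates the 404s from responses where the script actually exists. The field order is assumed from the log lines quoted above, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines (documentation IPs). Field order assumed from the
# quoted log: date time ip user port method stem query status agent.
SAMPLE_LOG = """\
2005-03-02 18:27:40 192.0.2.10 - 80 GET /cgi-bin/awstats/awstats.pl configdir=|%20id%20| 404 Mozilla/4.0 -
2005-03-02 18:27:40 192.0.2.10 - 80 GET /cgi-bin/awstats.pl configdir=%7C%20id%20%7C 404 Mozilla/4.0 -
2005-03-02 18:27:41 192.0.2.10 - 80 GET /Default.asp - 200 Mozilla/4.0
2005-03-02 19:02:13 192.0.2.77 - 80 GET /cgi-bin/awstats.pl config=example.org 200 Mozilla/5.0 -
2005-03-02 19:05:55 192.0.2.99 - 80 GET /stats/AWStats.pl configdir=%257C%2520id%2520%257C 200 Mozilla/4.0 -
"""

# The quoted probes use the pipe; the other characters are an added generalisation.
SHELL_META = re.compile(r"[|;`$]")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_awstats_probes(log_text):
    """Map client IP -> [(uri stem, decoded configdir, status)] for suspicious hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 10 or not parts[6].lower().endswith("/awstats.pl"):
            continue  # header, truncated line, or not an awstats request
        ip, stem, query, status = parts[2], parts[6], parts[7], parts[8]
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            value = fully_decode(raw)
            if name.lower() == "configdir" and SHELL_META.search(value):
                hits[ip].append((stem, value, status))
    return dict(hits)

def needs_review(hits):
    """IPs whose probe did not get a 404, i.e. an awstats.pl answered (assumed triage rule)."""
    return sorted(ip for ip, rows in hits.items() if any(s != "404" for _, _, s in rows))

if __name__ == "__main__":
    found = find_awstats_probes(SAMPLE_LOG)
    print(found, "non-404:", needs_review(found))
```

A probe answered with 404, as in the lines quoted above, only shows that the script is absent; any other status is the case where the installed awstats version should be checked against the patched release.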