security at admin.fulgan.com
Fri Aug 19 07:44:07 GMT 2005
Awstats is known to have several remotely exploitable vunerability and
it's a popular entry door into systems. I see such a scan twice a day
on web-serving machines.
I can't tell you if your machine really has been compromized from what
your saying: how are these folders being "accessed" ? What are you
looking at ? HTTP logs ? If so, check the return code: if it's 403 or
404, you should be fine. If it's 200, 50x or similar then you're
Friday, August 19, 2005, 6:50:23 AM, you wrote:
GJ> I sent a contact us message through ISC a while back, but I suppose with
GJ> all the activity lately they haven't had a chance
GJ> to respond. I'm seeing strange activity in my server logs that just
GJ> isn't normal. Someone is accessing the awstats directory
GJ> on my server. I can confirm that access to that directory is restricted.
GJ> In fact, if I use any of my browsers, I can't access
GJ> it, by http or ftp.
GJ> If I use my ftp client, I can of course access any directory on my
GJ> server using the password. I can't understand why or
GJ> how anyone else has been able to gain access to the awstats/icons
GJ> directory, or why they would even bother in the
GJ> first place.
GJ> Can anyone here offer some wisdom? I really don't wish to show the log
GJ> here on a public list /forum.
GJ> Thanks in advance,
Stephane mailto:security at admin.fulgan.com
More information about the list