Awstats -- Is it secure

[jim.thornton]

I just recently followed the tutorial on here to install Awstats but I didn't like the fact that it was installed in the subdirectory /awstats because I read that it is known for exploits.

So... My question is:

1. Is it secure to use?

2. Should I change the script to put it in a different directory??

 

[floyd]

You should also password protect whatever subdirectory you put it in.

 

[jim.thornton]

You should also password protect whatever subdirectory you put it in.

Is that enough security though?

 

[floyd]

Is that enough security though?

That is relative to how much trouble and expense you want to go to. The most secure server is one that is turned off.

 

[jim.thornton]

LOL.

My main concern is that over the last few years of running my site, I noticed in my "awstats" that people were trying to access the /awstats directory on my site. However, I didn't have an /awstats directory. Somehow, my hosts were able to not make it part of the site public_html directory.

Ideally, I would like that. The client can view it, but no one else. The ONLY way to get to it would be within the DA panel.

Is it possible to setup like this?? Or, does it have to be in the /public_html/awstats directory?