AwStats plugin for DA [Still in BETA]

Would you put in the first thread's message a simple instruction for disabling the user option for updating stats?
 
These are the steps I use to install the Plugin on all our servers, works like a charm.

1) Install plugin from

http://www.fusion-ict.nl/da_plugin/awstats.tar.gz

using DA's Plugin Manager.


2) Install latest AWStats version:

/usr/local/directadmin/plugins/awstats/update/update.sh (note, by default it will install 6.5 since the AWStats authors have not "offically" released 6.6, but 6.6 is good idea as it plugs a hole). Since the path of 6.6 is different the 6.5's, do the following:

edit:
/usr/local/directadmin/plugins/awstats/update/update.sh

change:
VER=`cat awstats.ver | egrep -e "http://prdownloads.sourceforge.net/awstats/awstats-(.){3,5}.tar.gz" -o | egrep -e "[0-9]{1,}.[0-9]{1,}" -o`

to:
VER=`cat awstats.ver | egrep -e "http://awstats.sourceforge.net/files/awstats-(.){3,5}.tar.gz" -o | egrep -e "[0-9]{1,}.[0-9]{1,}" -o`



3) Turn off Update from Browser option (previous post's request):

edit:
/usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats.none.conf

change:
AllowToUpdateStatsFromBrowser=1

to:
AllowToUpdateStatsFromBrowser=0



4) Setup to automatically add access to new accounts:

edit:
/usr/local/directadmin/scripts/custom/user_create_post.sh

insert:
#!/bin/sh
echo $username >> /usr/local/directadmin/plugins/awstats/hooks/permissions.txt

then change the permissions:
chmod a x /usr/local/directadmin/scripts/custom/user_create_post.sh



5) Set up to do daily updates in Crontab:

edit:
/etc/cron.d/directadmin_cron

replace:
10 0 * * * echo 'action=tally&value=all' >> /usr/local/directadmin/data/task.queue

with:
10 0 * * * root /usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats_updateall.pl now -awstatsprog=/usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats.pl && echo 'action=tally&value=all' >> /usr/local/directadmin/data/task.queue



6) Login to DA Admin panel and click on the AWSTATS plugin link and activate all users you want to it available to.


Done. You could run do the following to do a first update to make sure it's working:

- cd /usr/local/directadmin/plugins/awstats/hooks/cgi-bin/

- perl awstats_updateall.pl now -awstatsprog=/usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats.pl
Click to expand...
 
3) Turn off Update from Browser option (previous post's request):

edit:
/usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats.none.conf

change:
AllowToUpdateStatsFromBrowser=1

to:
AllowToUpdateStatsFromBrowser=0

------------------------

I have just done this, do I need to do any additional step, like a massive reinstallation, so .conf files get updated?
 
Actually, you'll need to go thru each of the *.conf files in /etc/awstats and do the same since you already installed it. That, or disable it for all the users in the DA plugin and then reenable it, but that will probably mess up anyone who has it password protected, etc.

Should be able to do:

perl -pi.bak -i 's/AllowToUpdateStatsFromBrowser=1/AllowToUpdateStatsFromBrowser=0/i' /etc/awstats/*.conf

That will make a *.conf.bak file and then update then turn off the option for all existing users.
 
Hello,

I tried, but i failed ...
look : http://www.sheepyland.com/awstats

and when i try to update :

Code: 
/usr/local/directadmin/plugins/awstats/hooks/cgi-bin# perl awstats_updateall.pl now -awstatsprog=/usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats.pl
Running '"/usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats.pl" -update -config=sheepyland.com -configdir="/etc/awstats"' to update config sheepyland.com
Can't locate Time/Local.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.8.4 /usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .) at /usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats.pl line 16.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/awstats/hooks/cgi-bin/awstats.pl line 16.

why it does that : update -config=sheepyland.com -configdir="/etc/awstats"

there is no file in /etc/awtstats

thanks by advance
 
Last time I installed it, the server got attacked due to a security-vulnerability...
That was over a year ago though..

How safe is awstats now ?
cause I really like it, but I got some trauma lol.
 
If you use the latest version and turn of Update From Web Browser, you're fairly safe.
 
update failed

guys,

i have updated my awstats.. Now is al my existed awstats gone.

must i install them one by one ? so many domains.. ?
Solutions?
 
What you talking about you updated? You updated to 6.6? If so, nothing should be gone.

Look in /etc/awstats

Check the plugin controls in the DA cp, you should see all the domains checked..if not, recheck them.
 
subdomain

Does anyone know how to enable awstats on a subdomain in DirectAdmin? Also a little bug maybe, this DA only hosts the subdomain, so when the Awstats links to domainname.com/awstats it won't work. But maybe this is a DA shortcoming.
 
jjbakker said:
Nevermind, just found out how:

awstatsinstall.php:

$cont = ereg_replace("#%DIRDATA%#","/home/{$domainToProcess['user']}/domains/{$domainToProcess['domain']}/stats/",$cont);

awstats.none.conf:

DirData="#%DIRDATA%#"

That way the data is logged on /domain.com/stats
Click to expand...

I just implimented this and you missed one place that needs changing..

the ./user/index.php needs the $cont line added at bottom as well or it doesn't get updated when they install from the plugin.

PHP: 
$cont=ereg_replace("#%DIRDATA%#","$basedir/domains/$domains[$awdomain]/stats/",$cont);

I'm working on modifying the install also to force a random password on to the directory.

:)
 
Last edited:
Ok...added code to index.html to force it to password protect the /awstat directory upon install by user.

/user/index.html, add the following directly before the echo statements at bottom:

PHP: 
$awuser = $_SERVER['USER'];
$awpass = "default";

$auth="
AuthUserFile $location/.htpasswd
AuthType Basic
AuthName \"AwStats Protection\"

<LIMIT GET POST>
require valid-user
</LIMIT>
";

$htpass= "{$awuser}:".crypt($awpass,CRYPT_STD_DES)."\n";

copy ("$dir/cgi-bin/.htaccess","$location/.htaccess");
$fp=fopen("$location/.htaccess","a+");
fwrite($fp,"$auth");
fclose($fp);

$fp=fopen("$location/.htpasswd","w+");
fwrite($fp,$htpass);
fclose($fp);

echo "<br><br>Default password protection set.<br>";
echo "<b>Userid: $awuser<br>";
echo "Password: $awpass</b><br><br>";
echo "It is EXTREMELY recommended that you use the <b><A HREF='awstats/options.php?awdomain=$awdomain'>Tune AwStats</A></b> and m$

Of course you can change the $awpass to something different. I might make it a random string...
 
tristan said:
Thanks for your reaction Sean, I know it's unsupported but maybe there's a way to make it work for a subdomain by hand?
Click to expand...

Actually, what I was trying to say, was that AWStats is NOT meant to work with subdomains, not the plugin.

If you create the subdomains as domains in the DA cp, then you can install awstats into each of them as you would with the default.
 
Hey sullise, with your solution people can use the ?config=domain.com feature to acces other user's stats.

How do I disable it?

-Demio
 
This works if you use the forced password protection above.


In hooks/cgi-bin/awstats.none.conf:
PHP: 
AllowAccessFromWebToAuthenticatedUsersOnly=1

AllowAccessFromWebToFollowingAuthenticatedUsers="#%USER%#"

In hooks/awstatsinstall.php:
(search for other $cont=erg_replace statements and add...)
PHP: 
$cont = ereg_replace("#%USER%#","{$domainToProcess['user']}",$cont);

in /usr/index.html:
(add with my other fix from previous post)
PHP: 
$cont=ereg_replace("#%USER%#","{$_SERVER['USER']}",$cont);

in /usr/options.php:
(just before the "die" statement for password protection)

PHP: 
$fp=fopen("$dir/cgi-bin/awstats.none.conf","r");
$fp2=fopen("/etc/awstats/awstats.$domains[$awdomain].conf","w+");
$cont=fread($fp,filesize("$dir/cgi-bin/awstats.none.conf"));
fclose($fp);
$cont=ereg_replace("#%LOG%#","/var/log/httpd/domains/$domains[$awdomain].log",$cont);
$cont=ereg_replace("#%DOMAIN%#","www.$domains[$awdomain]",$cont);
$cont=ereg_replace("#%USER%#","$awuser",$cont);
$cont=ereg_replace("#%DIRDATA%#","$basedir/domains/$domains[$awdomain]/stats/",$cont);

fwrite($fp2,$cont);
fclose($fp2);

Works like a charm.

I'm going to make all the changes to a distribution ocpy of the plugin and post a wget path. Since the original author is not updating it anymore, sure he won't mind...not taking credit for his original work, just expanding on it.

Changes will be:

- AllowToUpdateStatsFromBrowser will default to 0 (off)
- Change path in update.sh to the current version download to enable 6.6 to be the default download (it's stable..been using is for months..since it got released with no problems)
- Add the code to force data to the users /stats directory
- Add the code to force password protection
- Add the code to block unauthenticated users from view other domains stats

If I get frisky, I may add some other code to give the user (and admin) more options upon install for the configuration...things like header and footers, logo, etc.

As with the old release, be free.
 
To fix the viewing of stats by unauthorized persons I edited awstats.pl and commented out the line where it reads the _GET var "config".:D
 
That works too, but the user can always go in and change that back. My way, they can't override it.
 
You must log in or register to reply here.
Back
Top