On 04/26/2012 05:47 PM, Robin Gareus wrote:
i'm with you on all items, but want to comment on this one:
been running awstats for ages because its output is great, but it's a
security nightmare. i've taken to displaying only static pages generated
from a cronjob every hour. not as convenient, and makes browsing of
previous years a lot harder, but there have been so many XSS attacks
and other gotchas in the past...
imho, it's either that or password-protect it. my logs show numerous
automated scans for vulnerable awstats implementations.
Lortzingstr. 11, 45128 Essen, Tel. +49 177 7937487
Master of Event Technology (Stage/Studio)