Current time: 11-16-2024, 03:18 AM Hello There, Guest! (LoginRegister)


Post Reply 
Why is Awstats implemented? -> security risk
Author Message
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #11
RE: Why is Awstats implemented? -> security risk
BioALIEN Wrote:I prefer AWStats to Webalizer. I know more newbie sys admins will convert to VHCS Omega because of this fact Smile

They change their Panel only for more Design and nicer stats ? Rolleyes
03-17-2007 01:58 AM
Visit this user's website Find all posts by this user Quote this message in a reply
BioALIEN Offline
Public Relations Officer
*****
Dev Team

Posts: 620
Joined: Feb 2007
Reputation: 5
Post: #12
RE: Why is Awstats implemented? -> security risk
Of course Smile Sys admins nowadays are lazy, they want things working nicely out of the box and this includes nicer stats. Isn't this the goal of this project? Wink
03-17-2007 02:00 AM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #13
RE: Why is Awstats implemented? -> security risk
Full ACK. But i never would change a running system for some new Design or Stats Big Grin
03-17-2007 02:48 AM
Visit this user's website Find all posts by this user Quote this message in a reply
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #14
RE: Why is Awstats implemented? -> security risk
AWStats 6.6 is secure, there are no known vulnerabilities yet; I use it for at least 11 Month now...
03-17-2007 05:15 AM
Visit this user's website Find all posts by this user Quote this message in a reply
petzsch Offline
Junior Member
*

Posts: 43
Joined: Mar 2007
Reputation: 1
Post: #15
RE: Why is Awstats implemented? -> security risk
As far as I remember there was an issue in 6.4 that could be exploited by manipulated URLs in logfiles. So this version was even affected when awstats generated static html files.

It wasn't really the nature of the bug that fuzzed me, but the time that it took to mend it in the public releases. But I guess if one is unforgiving, than even anything labeld VHCS would not be worth considering to be installed because of it's history.

Just my $0.02 Smile

I agree that there should be an option for the admin to decide about this, perhaps even to enable both and to let the reseller/customer make an individual choice (if both where enabled by the admin).
03-21-2007 06:35 AM
Find all posts by this user Quote this message in a reply
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #16
RE: Why is Awstats implemented? -> security risk
there would be the opportunity to choose AWStats or let it. Not more, not less at first!
03-21-2007 05:26 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #17
RE: Why is Awstats implemented? -> security risk
I think thats enough at first....
03-21-2007 06:02 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)