[Consortium] lao subdomains
nettings at stackingdwarves.net
Thu Apr 26 20:47:05 UTC 2012
On 04/26/2012 05:47 PM, Robin Gareus wrote:
> Hi *,
> There's a whole lot of v-hosts below linuxaudio.org. The recent
> migration of vhosts gave rise to rethink and hopefully consolidate others.
> Let me first list the "good ones" and them move on to suggestions for
> the cruft. Please comment on my suggestions there. If you don't, you
> forfeit your right to complain later :-)
i'm with you on all items, but want to comment on this one:
> server statistics
> ?? should those be password protected ??
> some of the AWstats may be used to track users (e.g. top 10 host list)
been running awstats for ages because its output is great, but it's a
security nightmare. i've taken to displaying only static pages generated
from a cronjob every hour. not as convenient, and makes browsing of
previous years a lot harder, but there have been soo many XSS attacks
and other gotchas in the past...
imho, it's either that or password-protect it. my logs show numerous
automated scans for vulnerable awstats implementations.
Lortzingstr. 11, 45128 Essen, Tel. +49 177 7937487
Meister für Veranstaltungstechnik (Bühne/Studio)
More information about the Consortium