[Consortium] lao subdomains

Jörn Nettingsmeier nettings at stackingdwarves.net
Thu Apr 26 20:47:05 UTC 2012

On 04/26/2012 05:47 PM, Robin Gareus wrote:
> Hi *,
> There's a whole lot of v-hosts below linuxaudio.org. The recent
> migration of vhosts gave rise to rethink and hopefully consolidate others.
> Let me first list the "good ones" and them move on to suggestions for
> the cruft. Please comment on my suggestions there. If you don't, you
> forfeit your right to complain later :-)

i'm with you on all items, but want to comment on this one:

> http://stats.linuxaudio.org/
>    server statistics
>    ?? should those be password protected ??
>    some of the AWstats may be used to track users (e.g. top 10 host list)

been running awstats for ages because its output is great, but it's a 
security nightmare. i've taken to displaying only static pages generated 
from a cronjob every hour. not as convenient, and makes browsing of 
previous years a lot harder, but there have been soo many XSS attacks 
and other gotchas in the past...

imho, it's either that or password-protect it. my logs show numerous 
automated scans for vulnerable awstats implementations.

Jörn Nettingsmeier
Lortzingstr. 11, 45128 Essen, Tel. +49 177 7937487

Meister für Veranstaltungstechnik (Bühne/Studio)
Tonmeister VDT


More information about the Consortium mailing list