Neil Hopcroft

A digital misfit

Is anyone out there running awstats.pl?

What output does it give? I keep getting a bunch of requests searching for it, all of which are 404ing. I suspect its searching for a vulnerability of some kind – anyone know what uses this as a vector? What output should I feed it that would break the payload? I’m loath to install the awstats package, just to see what happens, but I suppose I could set up a honeypot to analyse it.


Categories: Memories.

/ 1 Comment

1 comment

  1. neilh

    OK, that looks about right, considering that the command is ‘id’. I suppose I should send a reasonable output to ‘id’ and see what happens next, shouldn’t I? root’d be a good id to send…but I’ll give ’em a different one for the moment, to see what they do next. Looks like its an automated checker of some kind, so if I can put a spanner in its works its gotta be a good thing.

    Reply

Leave a Reply

Your email address will not be published.