Re: [glob2-devel] awstats

[Kyle Lutze]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stéphane Magnenat wrote:
> Hello,
> 
>> It is generally advised not to run awstats on a public site. I would
>> suggest to login+password protect browser access to awstats. It has a
>> quite poor security history!
> 
> Thanks for the information :-)
> 
> Kyle, it's up to you, it's your server. I don't know if it would be very 
> difficult to use our unified login to access this page (that would require 
> adding a custom mod to apache security).
> 
> Have a nice day,
> 
> Steph
> 

I know it has a quite poor security history. I'm currently working on
setting up some enhanced security features on my server for extra coolness.

ex: to ban bad robots, in my robots.txt file I'm adding a link to a trap
file. if they hit it, they get screwed into being blocked permanently
from my server. hopefully this will reduce some of the load on it,
granted it's not too high right now.

other stuff: not to be mentioned as they're super secret :P

also, awstats got screwed for this month, and I've spent too much time
trying to fix it to no avail and I'm not going to try anymore.

if anybody is willing to help me write some scripts to boost security
please hit me up in the irc channel.

back to computer chores for me,
Kyle
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2-ecc0.1.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEcH5JVFIipMnXxfYRAud2AJ9ZkfozvG+ms0pUo3rEbcGUp3rR7QCfeQ52
oj5fJ8en1Skb7MvTcbCruRM=
=RskO
-----END PGP SIGNATURE-----