Dec23

Written by: David Aldridge
12/23/2009 5:09 PM 

Turns out that when I moved hosts I didn't secure my AWStats page.  It was on a straight IP and you needed to know the config file's name before it would be any use, so I figured it was safe enough.  Wrong as it turns out.

I started seeing some funny referrers showing up in the logs for my sites.  Links to sites that should not be referring to my sites.  Links to affiliate sites for making other people money.  Looking at the IP address of the connections in the log files, it turned out to be coming from a DSL line in the Netherlands.

Our man of mystery in the Netherlands found my AWStats page by doing an automated sweep of IPs and adding the proper extensions for the default location of AWStats. The (relatively) impressive bit is that he also appended the domain names related to the IP as the config file location and used variations of it - mine was just the first part of the domain name.

What he was looking for is backlinks for nothing - he sweeps the site once a month and the backlinks get listed in the AWStats page for the month at the bottom. With my page this is useless as it's not listed in the search engines, but there are others that ARE listed...

Go to Google and type:
inurl:"/awstats/cgi-bin/awstats.pl"

You will see other pages where they do show up in the listings and the backlinks would be useful as a blackhat technique for improving one-way backlinks.

Anyway lesson learned - the page now requires a login.
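
One way to spot this kind of sweep in your own access logs, as an added example that is not part of the original post: it flags clients that request awstats.pl with several different config= guesses or with a referrer from a host you do not own. It assumes Apache/NCSA combined log format; the function name, sample log lines, IPs and hostnames are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Dec/2009:10:00:01 +0000] "GET /awstats/cgi-bin/awstats.pl?config=example HTTP/1.1" 200 5120 "http://affiliate.invalid/buy" "Mozilla/4.0"
203.0.113.7 - - [23/Dec/2009:10:00:02 +0000] "GET /awstats/cgi-bin/awstats.pl?config=example.com HTTP/1.1" 404 310 "http://affiliate.invalid/buy" "Mozilla/4.0"
203.0.113.7 - - [23/Dec/2009:10:00:03 +0000] "GET /awstats/cgi-bin/awstats.pl?config=www.example.com HTTP/1.1" 404 310 "http://affiliate.invalid/buy" "Mozilla/4.0"
198.51.100.20 - - [23/Dec/2009:11:15:40 +0000] "GET /awstats/cgi-bin/awstats.pl?config=example HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Dec/2009:11:16:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "http://www.example.com/" "Mozilla/5.0"
"""

# client IP, request line, status, size, referrer (user agent is ignored)
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def find_awstats_probes(log_text, own_hosts, min_configs=2):
    """Return {ip: {"configs": [...], "referers": [...]}} for suspicious clients.

    A client is reported if it tried at least `min_configs` distinct config
    names against awstats.pl, or sent a referrer whose host is not in own_hosts.
    """
    configs = defaultdict(set)   # ip -> config names tried
    referers = defaultdict(set)  # ip -> foreign referrer hosts sent
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        if not url.path.endswith("/awstats.pl"):
            continue  # only requests to the stats script matter here
        ip = m["ip"]
        configs[ip].update(parse_qs(url.query).get("config", []))
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host and ref_host not in own_hosts:
            referers[ip].add(ref_host)
    return {
        ip: {"configs": sorted(configs[ip]), "referers": sorted(referers[ip])}
        for ip in configs
        if len(configs[ip]) >= min_configs or referers[ip]
    }

if __name__ == "__main__":
    for ip, hit in find_awstats_probes(SAMPLE_LOG, {"www.example.com"}).items():
        print(ip, hit)
```
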
