FreeBSD Port: awstats-6.2

Charlie Schluting charlie at
Wed Jan 26 19:53:30 PST 2005

On 1/26/2005 5:20 PM, Andrew J Caines wrote:
> FWIW, I think the original patch posted was lacking some changes in the
> pkg-plist which may or may not have been in the 6.2 update, when various
> bit moved around and the installed files changed.
> I've made another[1] for the 6.3 port[2]. This 6.3 port builds, installs,
> runs[3] and deinstalls cleanly. It doesn't specifically address any .jar
> install or other issues.

Indeed, the patch works (had to manually grab the tarball).

FWIW, yes, exploits are definitely in the wild. I grepped my logs for "wget" 
and saw one (successful) attempt:

/var/log/httpd-access.log: - - [26/Jan/2005:17:43:22 -0800] "GET 
HTTP/1.1" 200 588 "-" "LWP::Simple/5.65"

If you look at the code on: you'll see 
that it tries to start:

www        29943 101.6  0.5  4236 3504  ??  R     5:38PM 113:06.70 
/usr/local/apache/bin/httpd -DSS1 (perl)
Fuckers :(

Thanks for the patch!

More information about the freebsd-ports mailing list