douillet@ensait.fr   Two attacks against the Webalizer pages   www.ensait.fr

Don't Over-react
The Webalizer pages of many web sites across the Internet are under attack.
Don't add to these attacks by shutting down your own Webalizer statistics.
Please consider the following simple counter-measures:
(1) Create a new directory, say $wazdir, outside your web site.
(2) Copy the contents of the current Webalizer directory (say $wbzdir) to $wazdir.
(3) Change one line in the webalizer.conf file so that Webalizer writes into $wazdir.
(4) Use ref_rebuild to edit the Webalizer pages from $wazdir into $wbzdir.
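
Steps (1) to (3) as a shell function, added here as an example and not one of the author's scripts. The four paths are supplied by the caller and are assumptions; OutputDir is the webalizer.conf keyword that sets the output directory; step (4) is left to ref_rebuild.

```shell
#!/bin/sh
# Added example: steps (1)-(3) as one function. All four paths are supplied
# by the caller (assumed layout); step (4), ref_rebuild, is not run here.
# usage: relocate_webalizer CONF WBZDIR WAZDIR DOCROOT
relocate_webalizer() {
    rw_conf=$1 rw_wbz=$2 rw_waz=$3 rw_root=$4
    if [ ! -f "$rw_conf" ] || [ ! -d "$rw_wbz" ] || [ ! -d "$rw_root" ]; then
        echo "relocate_webalizer: conf, \$wbzdir and web root must exist" >&2
        return 2
    fi
    # The conf must have an active OutputDir line to change (step 3).
    if ! grep -Eq '^[[:space:]]*OutputDir[[:space:]]' "$rw_conf"; then
        echo "relocate_webalizer: no active OutputDir line in $rw_conf" >&2
        return 4
    fi
    # (1) Create $wazdir, then refuse it if it resolves inside the web site.
    mkdir -p "$rw_waz" || return 1
    rw_real=$(cd "$rw_waz" && pwd -P) || return 1
    rw_site=$(cd "$rw_root" && pwd -P) || return 1
    case "$rw_real/" in
        "$rw_site"/*)
            rmdir "$rw_waz" 2>/dev/null   # only removes it if still empty
            echo "relocate_webalizer: $rw_waz is inside the web site" >&2
            return 3 ;;
    esac
    # (2) Copy pages and state (webalizer.current included), keeping
    #     timestamps; the originals in $wbzdir are left untouched.
    cp -Rp "$rw_wbz"/. "$rw_real"/ || return 1
    # (3) Keep the old conf, then rewrite only the active OutputDir line.
    cp -p "$rw_conf" "$rw_conf.orig" || return 1
    RW_DIR=$rw_real awk '
        /^[ \t]*OutputDir[ \t]/ { print "OutputDir " ENVIRON["RW_DIR"]; next }
        { print }' "$rw_conf.orig" > "$rw_conf" || return 1
    # Confirm the change before any page in $wbzdir gets edited.
    grep -Fxq "OutputDir $rw_real" "$rw_conf"
}

if [ "$#" -eq 4 ]; then relocate_webalizer "$@"; fi
```

A non-zero return means the configuration was not switched, so the pages in $wbzdir should not be edited yet.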
MAP
story   patches   legal   
The story
html  Two attacks against the Webalizer pages  2005-02-25
ps  (work in progress)  2005-02-25
Samples (01/2005)
ring  A sequence of 292 infected Referrer tables (01/2005)  2005-02-10
raw  data Statistics concerning 6843 "not direct, more than twice"  2005-02-25
sorted  referrer lines extracted from these 292 pages  2005-02-25
Samples (02/2005)
ring  A sequence of 864 infected Referrer tables (02/2005)  2005-02-15
raw  data Statistics concerning 19767 "not direct, more than twice"  2005-02-25
sorted  referrer lines extracted from these 864 pages  2005-02-25
Configure
.config  Define the directories used. Modify, then execute ". .config"  2005-02-25
blacklist txt  A tentative blacklist (regular dots must be coded as "[.]")  2005-02-25
resolve list  A trick for grouping together some IP addresses (e.g. the various Google ones)  2005-02-25
Rebuilding Referrers
ref rebuild  Applicable when an "All Referrers" page is present.  2005-02-25
This patch rebuilds the "All Referrers" page together with the Referrers table in the "Usage page".
Expurgating Referrers
ref fake  Applicable when the "All Referrers" page hasn't been collected.  2005-02-25
This patch acts as a subroutine of "ref_rebuild" and creates a fake "Referrers page".
Don't Destroy Evidence
Beware of destroying your statistics... and legal evidence.
  • Be sure that point (3) above is working before editing (or removing webalizer.current from $wbzdir)
  • Don't destroy the original Webalizer files, even after editing
  • The sex+drug attack leads to a denial of service (together with damage to the reputation of your web site): consider legal action
  • The goals of the inces-ncest attack aren't clear: consider keeping your log files for further examination


    douillet@ensait.fr
    2007/01/23 09h26