awstats, protect yours
 

found bots today hammering all my domains looking for awstats info

208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /cgi-bin/awstats.pl HTTP/1.0" 404 282 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /cgi/awstats/awstats.pl HTTP/1.0" 302 280 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /cgi/awstats.pl HTTP/1.0" 302 280 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /cgi-local/awstats/awstats.pl HTTP/1.0" 302 280 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /cgi-local/awstats.pl HTTP/1.0" 302 280 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /lcgi-bin/awstats/awstats.pl HTTP/1.0" 302 280 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /lcgi-bin/awstats.pl HTTP/1.0" 302 280 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /awstats/awstats.pl HTTP/1.0" 401 467 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /awstats/cgi-bin/awstats.pl HTTP/1.0" 401 467 "-" "-"
208.62.52.1 - - [23/Mar/2005:11:09:38 -0600] "GET /awstats/cgi-local/awstats.pl HTTP/1.0" 401 467 "-" "-"

thats them trying to find the script on one particular domain..

so if you are using awstats and not using protection, eventually someone is going to be spying on you... if you add this to your httpd.conf file
you can password protect your awstats just like you do a members section

<Directory "/usr/local/www/awstats/">
Options None
AllowOverride None
Order allow,deny
Allow from .yourhost.yourisp.com
AuthUserFile /path/2/your/.htpasswd
AuthGroupFile /dev/null/
AuthName Restricted
AuthType Basic
Require valid-user
</Directory>

AuthUserFile /path/2/your/.htpasswd
replace with the path to your httpd auth user database

the allow statement is for even more protection

the Allow from can make is so that you only accept from a certain hostmask or ip such as
Allow from .houston.res.rr.com
or if you have static ip
Allow from 29.294.49.256