Making AwStats available outside of cPanel ?

[alex-info]

Hi !

My web host is running cPanel. What I would like to do is make the AwStats page "public" : making it available to anywone *without* having to login in to cPanel. Maybe something in a simple url like http://www.mydomain.com/stats .

I tought that all I had to do is download awstats and place it in my cgi-bin and call cgi-bin/awstats.pl?config=mydomain.com but I keep getting 404 when I try that.

I also tried moving the whole thing to a folder named "stats" (chmoded to 755) and called stats/awstats.pl?config=mydomain.com but now I'm getting a 403

I then tried to make a valid config file (myconf.conf) and called stats/awstats.pl?myconf and I tought it would work (it seems to do something ofr a couple of seconds) but then I got the 403 again.

I really tought this would be simple since the stats are already "compiled" and all I need is to display them, but I can't get it to work.

Any idea ?

Thanks !

 

[salientdigital]

RE: Making AwStats available outside of cPanel

I have the same exact request.
Ditto.

I was working with the support staff at my host and they keep creating a symbolic link to the stats, which works for a few minutes, then says

'forbidden'

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

The lack of this ability forces the cPanel user to have to manually email stats to addon domain clients.

 

[namehog]

AWSTATS Login

It would really be useful if this could be added to a future release - as we have many managed sites - where the clients only need to see the stats - without seeing the cPanel - so come on cPanel - how about a development path and response please ???

 

[WreckRman2]

I too would like to see this option...

 

[crazeegeek]

We use this totalchoicehosting.com/help/statisticspage.htm

It has a login but you can edit the script to remove the login

 

[smoknz28]

Would most definitely be useful!

 

[namehog]

Awstats Login

Crazeegeek - I have tried this script and it rocks ! - works first time -

totalchoicehosting.com/help/statisticspage.htm

Thanks Again

 

[smoknz28]

Re: Awstats Login

Originally posted by namehog
Crazeegeek - I have tried this script and it rocks ! - works first time - my clients will be over the moon with this



Thanks Again

Page Not Found

I'd sure be interested to see what this is however...

 

[namehog]

Awstats

Ooops !

totalchoicehosting.com/help/statisticspage.htm

 

[smoknz28]

Wow, that Awstat's script worked great!

Awesome instructions and a great script! :D

Thanks for posting that link up for us "namehog".

 

[smoknz28]

I am a bit worried with this script however....

Keep in mind that I'm in no way proficient with PHP....hell, or HTML for that matter. :p

One concern of mine is that by using this script...we are placing our cPanel Login and Password into the same file that runs this script. I'm use to scripts such as this will use a seperate file (config.php, config.inc.php) which will store the protected information such as passwords.

With this script...it's all in one file, index.php.

Should I be concerned here gang?

 

[smoknz28]

Originally posted by Bailey
Wow, look at that, the client's cPanel username and password are wide-open in plain text. So anyone (hacker, competitor, etc.) can come along, get their password, go in and freely delete or mod any files at will!

EXCELLENT idea!!!

:D Bailey

Bailey, you and I must have been typing at the same time and you beat me to it.

So, my previous questions are on the mark then...

 

[smoknz28]

Well, what do some of you who know more about PHP out there think of this script?

Leaves us too open for hackers?

 

[myusername]

I think it is a bit risky. I remember an outsourced hosting support a while back who had their stats page viewable by the general public.

Thei eventually got spidered, and some crackers found some urls that should have been only known by the site owner.

Guess what happened? Site hacked, along with server hosting companies wondering who all had access to their server root passwords, etc etc etc.

Just a heads up. i explain the importance of password protected stats to mu users and they seem okay with it.

 

[crazeegeek]

Originally posted by smoknz28
One concern of mine is that by using this script...we are placing our cPanel Login and Password into the same file that runs this script. I'm use to scripts such as this will use a seperate file (config.php, config.inc.php) which will store the protected information such as passwords.

index.php

<?php
require_once("config.php");

if (!isset($PHP_AUTH_USER)) {
	
	header('WWW-Authenticate: Basic realm="Site Statistics"');
	header('HTTP/1.0 401 Unauthorized');
	echo 'Authorization Required.';
	exit;
	
} else if (isset($PHP_AUTH_USER)) {
	if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {
  
  header('WWW-Authenticate: Basic realm="Site Statistics"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Authorization Required.';
  exit;
	}
else {
  if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;};
  
  exec("/usr/bin/curl 'http://$cpnlusername:[email protected]$site:2082/awstats.pl?$query'",$return_message_array, $return_number);
  
  for ($i = 0; $i < count($return_message_array); $i++) {
  	$results = $results.$return_message_array[$i];
  }
  
  if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);}
  
  if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);}
  
  $results = str_replace("action=\"", "action=\"index.php?", $results);
  $results = str_replace("href=\"", "href=\"?", $results);
  $results = str_replace("awstats.pl?", "", $results);
  
  echo $results;
	}
}
?>

config.php

<?php
$username = "user";
$password = "pass";
$site = "yoursite.com";
$cpnlusername = "cpanel_username";
$cpnlpassword = "cpanel_password";
?>

 

[drm]

Presumably there's no way to stop the user getting the config.php source via FTP and finding their username and password to access CPanel?

 

[rligg]

This does not work for me. I keep getting prompted to enter a password even though I am entering the correct password.

 

[EcoHosting]

I would strongly recommend anyone using this put the config file outside of your /public_html/ folder. Helps mitigate any risk.

 

[albatroz]

I tried this tip, but all I get is a blank page

 

[fstaRocka]

hi there - im a bit confused... theres already a stats folder under www/public_html. do i put the files in there or in a new stats folder per each addon domain?

(i assume the latter?) - ive stashed my login details via another file above www - and i get an error msg :

Error: Couldn't open config file "awstats.strike1.co.za.conf" nor "awstats.conf" after searching in path "/usr/local/cpanel/base,/home/franstar/tmp/awstats/,/etc/opt/awstats,/etc/awstats,/etc,/usr/local/etc/awstats": No such file or directory

- Did you use the correct URL ?
Example: http://localhost/awstats/config=mysite
Example: http://127.0.0.1/cgi-bin/config=mysite
- Did you create your config file 'awstats.strike1.co.za.conf' ?
If not, you can run "awstats_configure.pl" from command line, or create it manually.

Check config file, permissions and AWStats documentation (in 'docs' directory).

have a look there - login/pw is user/pass- and the site is not an important one. if u can pls help that would be gr8 -

i would assume each concurrent cliet/domain would simply goto theirdomain.com/ststas and have their stuff shown?

not working for me.... boo