Making AwStats available outside of cPanel ?

alex-info

Registered
Nov 14, 2003
4
0
151
Quebec, Canada
Hi !

My web host is running cPanel. What I would like to do is make the AwStats page "public" : making it available to anywone *without* having to login in to cPanel. Maybe something in a simple url like http://www.mydomain.com/stats .

I tought that all I had to do is download awstats and place it in my cgi-bin and call cgi-bin/awstats.pl?config=mydomain.com but I keep getting 404 when I try that.

I also tried moving the whole thing to a folder named "stats" (chmoded to 755) and called stats/awstats.pl?config=mydomain.com but now I'm getting a 403

I then tried to make a valid config file (myconf.conf) and called stats/awstats.pl?myconf and I tought it would work (it seems to do something ofr a couple of seconds) but then I got the 403 again.

I really tought this would be simple since the stats are already "compiled" and all I need is to display them, but I can't get it to work.

Any idea ?

Thanks !
 

salientdigital

Registered
Nov 12, 2003
1
0
151
Tempe, AZ
RE: Making AwStats available outside of cPanel

I have the same exact request.
Ditto.

I was working with the support staff at my host and they keep creating a symbolic link to the stats, which works for a few minutes, then says

'forbidden'

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

The lack of this ability forces the cPanel user to have to manually email stats to addon domain clients.

:confused:
 

namehog

Active Member
Aug 7, 2003
32
0
156
Northampton UK
AWSTATS Login

It would really be useful if this could be added to a future release - as we have many managed sites - where the clients only need to see the stats - without seeing the cPanel - so come on cPanel - how about a development path and response please ??? :cool:
 

crazeegeek

Registered
PartnerNOC
Oct 24, 2003
2
0
151
We use this totalchoicehosting.com/help/statisticspage.htm

It has a login but you can edit the script to remove the login
 

namehog

Active Member
Aug 7, 2003
32
0
156
Northampton UK
Awstats Login

Crazeegeek - I have tried this script and it rocks ! - works first time -

totalchoicehosting.com/help/statisticspage.htm

Thanks Again
 
Last edited:

smoknz28

Member
Sep 5, 2003
16
0
151
Re: Awstats Login

Originally posted by namehog
Crazeegeek - I have tried this script and it rocks ! - works first time - my clients will be over the moon with this



Thanks Again
Page Not Found

I'd sure be interested to see what this is however... ;)
 

smoknz28

Member
Sep 5, 2003
16
0
151
Wow, that Awstat's script worked great!

Awesome instructions and a great script! :D

Thanks for posting that link up for us "namehog".
 

smoknz28

Member
Sep 5, 2003
16
0
151
I am a bit worried with this script however....

Keep in mind that I'm in no way proficient with PHP....hell, or HTML for that matter. :p

One concern of mine is that by using this script...we are placing our cPanel Login and Password into the same file that runs this script. I'm use to scripts such as this will use a seperate file (config.php, config.inc.php) which will store the protected information such as passwords.

With this script...it's all in one file, index.php.

Should I be concerned here gang?
 

smoknz28

Member
Sep 5, 2003
16
0
151
Originally posted by Bailey
Wow, look at that, the client's cPanel username and password are wide-open in plain text. So anyone (hacker, competitor, etc.) can come along, get their password, go in and freely delete or mod any files at will!

EXCELLENT idea!!! :rolleyes:

:D Bailey
Bailey, you and I must have been typing at the same time and you beat me to it. :cool:

So, my previous questions are on the mark then...
 

smoknz28

Member
Sep 5, 2003
16
0
151
Well, what do some of you who know more about PHP out there think of this script?

Leaves us too open for hackers?
 

myusername

Well-Known Member
PartnerNOC
Mar 6, 2003
693
1
168
chown -R us.*yourbase*
cPanel Access Level
DataCenter Provider
Twitter
I think it is a bit risky. I remember an outsourced hosting support a while back who had their stats page viewable by the general public.

Thei eventually got spidered, and some crackers found some urls that should have been only known by the site owner.

Guess what happened? Site hacked, along with server hosting companies wondering who all had access to their server root passwords, etc etc etc.

Just a heads up. i explain the importance of password protected stats to mu users and they seem okay with it.
 

crazeegeek

Registered
PartnerNOC
Oct 24, 2003
2
0
151
Originally posted by smoknz28
One concern of mine is that by using this script...we are placing our cPanel Login and Password into the same file that runs this script. I'm use to scripts such as this will use a seperate file (config.php, config.inc.php) which will store the protected information such as passwords.
index.php
Code:
<?php
require_once("config.php");

if (!isset($PHP_AUTH_USER)) {
	
	header('WWW-Authenticate: Basic realm="Site Statistics"');
	header('HTTP/1.0 401 Unauthorized');
	echo 'Authorization Required.';
	exit;
	
} else if (isset($PHP_AUTH_USER)) {
	if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {
  
  header('WWW-Authenticate: Basic realm="Site Statistics"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Authorization Required.';
  exit;
	}
else {
  if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;};
  
  exec("/usr/bin/curl 'http://$cpnlusername:[email protected]$site:2082/awstats.pl?$query'",$return_message_array, $return_number);
  
  for ($i = 0; $i < count($return_message_array); $i++) {
  	$results = $results.$return_message_array[$i];
  }
  
  if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);}
  
  if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);}
  
  $results = str_replace("action=\"", "action=\"index.php?", $results);
  $results = str_replace("href=\"", "href=\"?", $results);
  $results = str_replace("awstats.pl?", "", $results);
  
  echo $results;
	}
}
?>
config.php
Code:
<?php
$username = "user";
$password = "pass";
$site = "yoursite.com";
$cpnlusername = "cpanel_username";
$cpnlpassword = "cpanel_password";
?>
 

drm

Member
Dec 13, 2003
16
0
151
Presumably there's no way to stop the user getting the config.php source via FTP and finding their username and password to access CPanel?
 

rligg

Well-Known Member
Sep 16, 2003
275
0
166
This does not work for me. I keep getting prompted to enter a password even though I am entering the correct password.
 

EcoHosting

Member
Mar 6, 2004
23
0
151
Montreal
I would strongly recommend anyone using this put the config file outside of your /public_html/ folder. Helps mitigate any risk.
 

fstaRocka

Registered
Feb 12, 2011
1
0
51
hi there - im a bit confused... theres already a stats folder under www/public_html. do i put the files in there or in a new stats folder per each addon domain?

(i assume the latter?) - ive stashed my login details via another file above www - and i get an error msg :

Error: Couldn't open config file "awstats.strike1.co.za.conf" nor "awstats.conf" after searching in path "/usr/local/cpanel/base,/home/franstar/tmp/awstats/,/etc/opt/awstats,/etc/awstats,/etc,/usr/local/etc/awstats": No such file or directory

- Did you use the correct URL ?
Example: http://localhost/awstats/config=mysite
Example: http://127.0.0.1/cgi-bin/config=mysite
- Did you create your config file 'awstats.strike1.co.za.conf' ?
If not, you can run "awstats_configure.pl" from command line, or create it manually.

Check config file, permissions and AWStats documentation (in 'docs' directory).

have a look there - login/pw is user/pass- and the site is not an important one. if u can pls help that would be gr8 -

i would assume each concurrent cliet/domain would simply goto theirdomain.com/ststas and have their stuff shown?

not working for me.... boo