Stats publicly visible on PS?


#1

I’ve got a couple of Wordpress-based sites running on a PS.

I just noticed yesterday that the /stats/ directory for both sites is wide open and it seems anyone can see the site’s Analog/Dreamhost stats just by visiting mydomain.com/stats/.

On my shared hosting based WP sites I just get a 404 error if I try to do this. This is pretty much the desired behaviour (for me, at least).

So, is it something I’ve forgotten to set up or a box I should have ticked, or does this happen to everyone? And, more importantly, how can I stop these stats revealing themselves to the world?


#2

It can appear to perform in that manner on all hosts (VPS and shared alike) after you’ve authenticated yourself at least once. Try deleting your cookies and closing your browser, then re-open and browse to the stats page again. If it asks you to re-authenticate then everything’s as it should be.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#3

The problem has to do with HTTP authentication. There should be an .htaccess file and an .htpasswd file location in the directory ~/logs/domain/http/html

Normally the DreamHost Web Panel has a form that lets you manage the users for that directory.

WordPress comes with mod_rewrite rules that at first interfere with the alias DreamHost configures to map /stats to ~/logs/domain/http/html unless you modify them to exclude the /stats. And so that also means you can use rewrite rules or redirect directives to prevent access to the stats directory as well.

Customer since 2000 :cool: openvein.org


#4

Aha! In that case, I can see the problem – there are no .htaccess/.htpasswd files in the /logs/[domain]/http/html directories for the affected sites.

I’ve now tried adding a new stats user to each site in the hope that it would regenerate the .htaccess files, and it has worked. The /stats/ dir is now happily 404ing away rather than showing my knickers to the world, which is a definite result. Yay!

Thanks all for the pointers :slight_smile:


#5

You should let Support know about that.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost