Unicef2k has asked for the wisdom of the Perl Monks concerning the following question:

My boss wants a web traffic analysis program installed on his site. I've found AWStats for him. Their web site is http://perso.wanadoo.fr/l.destailleur/awstats.html. AWStats is free, so how can I monitor it so it won't screw up my boss' site or send information on our server elsewhere?

Replies are listed 'Best First'.
(jcwren) Re: monitoring a free program
by jcwren (Prior) on Oct 10, 2000 at 02:34 UTC
    I would consider e-mailing/calling the authors of the program. This site is more dedicated to Perl programming, and some advice about the more common problems (Database interfacing, writing CGI scripts, security issues, etc). While there might be a person who has *possibly* made use of this company's product, it's highly unlikely.

    You've also provided insufficient information, even if someone could help you. Unix or Windows? Do you have ANY server administration or CGI experience at all? Define 'screw up'? What kind of volume is the site expecting?

    You've got to bring a lot more to the table than 'will this screw up my site, and how can I tell?'.

    --Chris

    e-mail jcwren
Re: monitoring a free program
by alftheo (Scribe) on Oct 10, 2000 at 13:33 UTC
    From a look at the AWStats website, it works on the server logfile only. That means it does not interact with the internet at all, it only reads information from a text file. It publishes its results as a web page, but that does not interfere with any of the pages that it monitors.
Re: monitoring a free program
by AgentM (Curate) on Oct 10, 2000 at 02:33 UTC
    Pull the wires out the back of your computer. Access your web page on the machine. If the perl script complains or fails, then it's sending stuff elsewhere. They usually do. It's fun, easy, and informative enough to hack up one yourself, though.

    Update: I meant any networking cables. If you pull the power plug, your perl script will not complain.

    Update 2: Also try scanning the sources for any suspicious use tags. Really, anything other than use CGI; would look suspicious to me. Also scan for socket API which really doesn't have a place in the script.

    AgentM Systems or Nasca Enterprises is not responsible for the comments made by AgentM- anywhere.
      Dude, let's be a little more helpful.
      1. This person has had an account since 06/04/2000 on this site, but has a total of 5 posts, counting this one.
      2. Three of his previous posts were clearly indicative of someone who is not well practiced in Perl, or at least not CGI (and one doesn't *have* to learn CGI to use Perl effectively).
      3. His 4th post was asking what Perl books he should buy, which he got a reasonable list of. He clearly states that he has been put in a position of having to learn Perl/CGI for his job. That was about a month ago.
      4. He's obviously not posting as a homework troll.
      5. Lastly, look at his handle. It's unlikely that unless someone were working for UNICEF they'd pick such a handle. I imagine (and I certainly could be wrong, it's not unusual), that this person works in some capacity for UNICEF.
      While the question was not very detailed in regards to the specifications of what he's trying to do, I don't think he deserves a flippant response. I think it's our job to point out where to go for other sources of information that are relevant. Telling him to yank the cords out the back of the computer is hardly a helpful solution.

      Don't get me wrong, I think there are posts that deserve vitriolic responses, but I think this person was asking a real question, just very naively. Let's save the nasty responses for the homework trolls.

      --Chris

      e-mail jcwren
        actually, i gave a completely serious response. that's what i would do to ensure that any downloaded program is not sending my shit over the net. how else would you do it, supposing that you have no access to the code? if he has the source, then i explained to him what to search for. you are looking for a hidden agenda in my helpful and brief note which doesn't exist.
        AgentM Systems or Nasca Enterprises is not responsible for the comments made by AgentM- anywhere.
      Also scan for socket API which really doesn't have a place in the script.

      actually the script uses Socket (optionally) for dns lookup...

Re: monitoring a free program
by amelinda (Friar) on Oct 11, 2000 at 00:24 UTC
    I actually went and looked at the code off of the site. From a very quick look-through [1], it does not appear that it does anything malicious (like sending /etc/passwd back to the author). The only use of Socket that I saw was for doing the dns lookup, as someone mentioned.

    However, the original question is vague enough to warrant a different interpretation. Perhaps instead of "send information on our server elsewhere?" the querent meant to ask "Will this information be accessible to people on the outside of our server?" If that is the real question, my best guess at the answer is "yes, just like any other web page on the server." Of course, it'd be hard to get to without knowing the exact URL, but that's just security through obscurity. Use of .htaccess (which the perl script won't interfere with) may be called for here.

    [1] Total Disclaimer: I only skimmed the script, and take no responsibility if you use it and I missed something and it blows up your program, CPU, house, or fingers.
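
The source check suggested in the thread (see which modules the script loads, then look for socket and process calls), as an added example that is not part of any post and is not AWStats code. The module allowlist, the list of flagged builtins and the embedded sample script are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: list modules a Perl script loads and flag network/process calls.
use strict;
use warnings;

# Assumption: modules considered expected for a log analyser; adjust per review.
my %expected = map { $_ => 1 } qw(strict warnings vars CGI Time::Local);

# Builtins that open connections, resolve names, or run other code or programs.
my $risky = qr/\b(socket|connect|send|gethostbyaddr|gethostbyname|system|exec|eval)\b|`/;

sub audit {
    my ($fh) = @_;
    my @findings;
    while (my $line = <$fh>) {
        last if $line =~ /^__END__\b/;      # nothing after __END__ is compiled
        next if $line =~ /^\s*#/;           # skip full-line comments
        if ($line =~ /^\s*(?:use|require)\s+([A-Za-z_][\w:]*)/) {
            my $mod = $1;
            push @findings, [$., "loads module $mod"] unless $expected{$mod};
        }
        elsif ($line =~ $risky) {
            # $1 is undef when the backtick alternative matched
            my $what = defined $1 ? "$1()" : "backticks";
            push @findings, [$., "calls $what"];
        }
    }
    return @findings;
}

# Constructed sample input (not taken from AWStats): a tiny log summariser
# with a reverse-DNS lookup, the case discussed in the thread.
my $sample = <<'PERL';
#!/usr/bin/perl
use strict;
use Socket;
open(LOG, "access.log") or die;
while (<LOG>) {
    my ($ip) = split;
    my $name = gethostbyaddr(inet_aton($ip), AF_INET);
}
PERL

open(my $fh, '<', \$sample) or die "cannot read sample: $!";
printf "line %d: %s\n", @$_ for audit($fh);
```

Each hit is a line to read by hand, not a verdict: a regex scan also matches words inside strings, flags `eval` blocks used only for error handling, and cannot see code assembled at run time.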