LogFile="/var/log/apacher1/access_log" ^^ Seems like it fails to filter -r* from apache version - I have apache-2.0.52-r1. Reproducible: Always Steps to Reproduce:
Sorry for the delayed response. I've fixed this in CVS but I'm not doing a bump until bug 92096 is fixed. First I have to see if I can even reproduce it (which I cant do because apache's broke atm :/). I'd recommend disabling awstats until either a) it's verified that the version in gentoo is not vulnerable or b) we fix it/upstream does a new release.
Thanks. As for the other bug, I use awstats with mod_auth_mysql so that it makes a chance for hacking somewhat lower. ;-)