Webstats security


B&T
1-29-03, 08:54 PM
It would seem that anyone can look at anyone's webstats. You only need to know that there is a webstats folder in the root domain.

Do you have a solution to secure this?

I suppose you could try htaccess and htpasswd. Would this have any adverse effects on the system as it does updates?

Jess
1-29-03, 11:29 PM
Sure, you can secure your Webstats with .htaccess and .htpasswd without any adverse effects on the updates. :)

B&T
1-30-03, 01:40 AM
Well, I tried this htaccess example straight out of the help tutorials. No joy. I get the sign-on window (so I know htaccess is there and working), but my OPS username and password are rejected. I did not add a .htpasswd file as this method uses the OPS one. I double checked my username and password to make sure they are what I am using in OPS. I double checked my mods to the below example to ensure the correct letter and username were inserted. Is this example correct?

AuthUserFile /www/u/username/.htpasswd
AuthGroupFile /dev/null
AuthName "test"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

In AuthUserFile above, there are three values: u, username, and test. Here's what you need to substitute into each:

u = First Letter of your username
username = OPS Username
test = You can write anything here...This will display on the authentication box. e.g. XYX's Members Area

RocketJeff
1-30-03, 08:59 AM
Originally posted by B&T
I did not add a .htpasswd file as this method uses the ops one.
I doubt if there is any way to use the OPS username/passwords (and I can't find anything in the tutorial/faq's about how to access them).

The AuthUserFile line of your .htaccess points to the .htpasswd file you're using. You need to modify that line to point to your home directory and then you need to follow the tutorial to create a .htpasswd file in that directory.

B&T
1-30-03, 10:17 AM
So where the example says OPS Username, they really mean your domain name because it is pointing to your domain directory? That is misleading. When they said OPS Username I thought that was what they meant - OPS Username. That's why I thought it was using the OPS password.

I do remember reading that our stuff is stored in www/d/domain so that does make sense. That help page needs to be redone.

OK . . . I will try it with domainname and use my own htpasswd.

RocketJeff
1-30-03, 10:26 AM
Originally posted by B&T
I do remember reading that our stuff is stored in www/d/domain so that does make sense. That help page needs to be redone.

It's only d/domain if you used your domain name as your OPS username...

Your package is stored in /www/u/username - you can log into OPS and look in the FTP tab to verify this.

B&T
1-30-03, 11:53 AM
OK. Now I get it. It is the master user name for your package. When they said OPS Username I thought they meant the user name you sign into OPS with. It would be clearer to just tell you to use the name you see on the FTP tab. But I am there now, thanks to your help :)

You can also extend that path to put both the htaccess and htpasswd files in the webstats directory rather than having them spread around in different directories. I did this so I can keep everything clean and easy to understand.
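
Added example, not part of the thread or the host's tutorial: a small Python check for the two things that went wrong or changed above, an AuthUserFile that points at a password file that does not exist, and a password file kept inside the web directory. It also flags `Require` inside `<Limit>`, because Apache applies such a rule only to the listed methods. The names `check_htaccess` and `demo` are hypothetical, the password entry is constructed, and a temporary directory stands in for /www/u/username.

```python
import os
import re
import tempfile

def check_htaccess(htaccess_path):
    """Return a list of findings for a Basic-auth .htaccess file."""
    findings, user_file, in_limit, limited = [], None, False, False
    with open(htaccess_path) as fh:
        for raw in fh:
            parts = raw.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue
            word = parts[0].lower()
            if word.startswith(("<limit", "</limit")):
                in_limit = word.startswith("<limit")
            elif word == "authuserfile" and len(parts) == 2:
                user_file = parts[1].strip('"')
            elif word == "require" and in_limit:
                limited = True
    web_dir = os.path.dirname(os.path.abspath(htaccess_path))
    if user_file is None:
        findings.append("no AuthUserFile directive")
    elif not os.path.isabs(user_file):
        findings.append("relative AuthUserFile resolves against ServerRoot")
    elif not os.path.isfile(user_file):
        findings.append("AuthUserFile target does not exist: " + user_file)
    else:
        with open(user_file) as fh:
            if not any(re.match(r"[^:\s]+:\S+", ln) for ln in fh):
                findings.append("password file has no user:hash entries")
        if os.path.abspath(user_file).startswith(web_dir + os.sep):
            findings.append("password file is in the web directory; relies on .ht* deny rule")
    if limited:
        findings.append("Require is inside <Limit>; unlisted methods are not covered")
    return findings

def demo():
    """Constructed sample: the thread's .htaccess before and after .htpasswd exists."""
    d = tempfile.mkdtemp()  # stands in for /www/u/username
    pw, ht = os.path.join(d, ".htpasswd"), os.path.join(d, ".htaccess")
    with open(ht, "w") as fh:
        fh.write('AuthUserFile %s\nAuthGroupFile /dev/null\nAuthName "test"\n'
                 'AuthType Basic\n\n<Limit GET POST>\nrequire valid-user\n</Limit>\n' % pw)
    before = check_htaccess(ht)
    with open(pw, "w") as fh:
        fh.write("stats:$apr1$constructed$placeholder\n")  # constructed, not a real hash
    return before, check_htaccess(ht)

if __name__ == "__main__":
    print(demo())
```

Run against a real package by calling `check_htaccess` with the path to the .htaccess in the webstats directory; an empty list means none of these conditions were found.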