Urchin is a web traffic analyzer package that usually runs on its own web server port.
Urchin allows administrators to access and analyze web logs remotely. When the software is first
installed, it uses a default username/password combination of "admin" with password "urchin".
If this password is left unchanged, anyone can log in and view logs or change the configuration.
Urchin logs can contain usernames used to log in to your sites. By viewing the configuration,
a remote user could also obtain your Urchin serial number and registration information. It
is also theoretically possible for a remote user to set up a new site profile and divulge information
from arbitrary text files on the system by telling Urchin to treat certain directories (for example,
the /etc directory) as web log directories.