old post, but due to recent 'cracktivity' going on out there a short note Andrew Kenna([EMAIL PROTECTED])@2001.08.01 13:42:05 +0000: > I know this has nothing todo with mirroring of the apache site, but I can't > find any other mailing lists > > I have recently been getting entries appearing in my apache-status logs as > follows > > 6-3 - 0/0/64 . 0.04 1944 6 0.0 0.00 0.08 pd900f25a.dip.t-dialin.net > (unavailable) GET http://www.cash2002.de/cgi-bin/cash_x.cgi?ID=3305108 > HTTP/1
a typical connection attempt to check out if your apache is configured as a proxy. perhaps the apache.org crew or netcraft or whoever should do a coordinated query on all apache servers, if they got mod_proxy enabled by their vendor default installation or by accident. you'd like to see the access_log entry instead. the mod_status output does not contain the http result code. > I can only assume by this that someone is using my web server as some sort > of re-director so they can crappy sites on the net ? as i said, it is a proxy probe. there are several skriptkiddie toolz out there by now that do this. the scans i get on my sites are getting heavier and heavier. > What can I do to prevent these sorts of things appearing disable mod_proxy, or - if it's needed - configure it correctly. if it's not active, the client gets a 404 and everything is fine. regards, /k -- > Love does not make the world go around, just up and down a bit. KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/ GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46 My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ Please do not remove my address from To: and Cc: fields in mailing lists. 10x
pgpG637wBbV0n.pgp
Description: PGP signature