People: in my server box , I am using squid as http accelerator ;setup is as follows
Flow of requests from users should be like this squid listens on public ip port:80 --->apache(127.0.0.1:80) --- RewriteRule for apache to--->zope:8080/plonesite Important NOTE : for the last couple of days I am experiencing that my plone site on zope :8080 is become not acceesible after 5/6 hours ,after the services I restarted : when I run the command # ` sockstat -4p 80 ` here I can see a specific IP address (164.115.5.2 ) connecting directly ande using python2.4 as pasted below . (My question is ,Is it normal this foreign ipaddress connectiong to my public ip and executing python.2.4 ? can I suspect this foreign Ip address as an attacker ?) many of you may be aware what is this & let me request you to share your information with me . Thanks in advance KK $ sockstat -4p 80 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS www httpd 73932 3 tcp4 127.0.0.1:80 *:* www python2.4 44496 20 tcp4 my_Serverbox_public_IPAddress :65287 164.115.5.2:80 www python2.4 44496 30 tcp4 my_Derverbox_public_IPAddress:64313 164.115.5.2:80 www httpd 849 3 tcp4 127.0.0.1:80 *:* squid squid 603 9 tcp4 my_box_public_IPAddress:80 203.194.194.254:43451 squid squid 603 11 tcp4 my_Serverbox_public_IPAddress:80 *:* squid squid 603 13 tcp4 127.0.0.1:55663 127.0.0.1:80 www httpd 516 3 tcp4 127.0.0.1:80 *:* www httpd 515 3 tcp4 127.0.0.1:80 *:* www httpd 514 3 tcp4 127.0.0.1:80 *:* www httpd 514 18 tcp4 127.0.0.1:80 127.0.0.1:55663 root httpd 502 3 tcp4 127.0.0.1:80 *:* $ su
