On 6/15/2004, "Rio Martin" <[EMAIL PROTECTED]> wrote: >MRTG nya yang tinggi itu bagian Incoming Traffic atau Outgoing Traffic, atau >bahkan dua - dua nya. Coba cek log APACHE, apakah ada yang coba - coba METHOD >CONNECT port 25 terus - terusan ? kalau ada disitulah masalahnya yang habisin >bandwidth cukup banyak. > >Sekalian minta saran dari rekan2, gimana cara APACHE memblokir serangan METHOD >CONNECT yang ndak jelas tersebut.
mungkin ini bisa membantu http://www.apacheweek.com/issues/03-07-25 Spammers use open Apache proxies Over the last few weeks we've been receiving a number of reports where people running Apache servers have found that their servers have been used to send out Spam email messages. It appears that the Spammers are using an automated tool to find open Apache proxies. If the tool finds an open proxy on your machine it sends a POST request through the proxy to the local SMTP port (25), passing on the spam messages it wishes to send. Since most people will have set up their mail transfer agent to allow relaying of mail sent from the local host, the messages get sent out from your machine. Some of the reporters believe that this is a vulnerability of the Apache web server by allowing proxy connections to arbitrary ports. However the majoriry of sites that run open Apache proxies are doing so because of a misconfiguration rather than by design. Open proxies allow attackers wanting to target vulnerabilities at other sites (such as Cross site scripting attacks, SQL injection attacks and so on) to hide or complicate their real origin. If you are running the Apache web server we'd recommend that you take a look at your configuration files and make sure that you have not inadvertently set up an open proxy. If you do not need to act as a proxy server at all then make sure that the directive "ProxyRequests On" does not appear in your configuration file. Note that you do not need to use the ProxyRequests directive if you only want to use Apache as a reverse proxy. However ifyou do need to act as a proxy server, make sure that you only allow authorised hosts to connect. For example using the following configuration sample: <Directory proxy:*> Order deny,allow Deny from all Allow from fred.example.com </Directory> -- Unsubscribe: kirim email kosong ke [EMAIL PROTECTED] Arsip dan info di http://linux.or.id/milis.php FAQ milis http://linux.or.id/faq.php
