On 2/18/07, Graham Frank <[EMAIL PROTECTED]> wrote:
Hey,
System Specs:
Apache 2.2.4 using worker MPM
Dual Opteron 270 x86_64
I'm noticing in my access_log the following:
<ip removed> - - [16/Feb/2007:23:27:19 -0500] "CONNECT <domain removed>:25
HTTP/1.0" 200 100482
By the looks of it, it's accepting the request and following through? How
can I block connections like these? Furthermore, how concerned should I be
regarding this?
I think you should be concerned. Port 25 is the smtp port, so someone
is trying (and mybe succeeding) to use your apache server as a proxy
to contact an email server. There are usually no reasons to do this,
other than sending spam.
You need to have look at your server config. It is usually not a good
idea to let the world use your server as a proxy. Read this:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Krist
--
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
