On 03/03/2014 10:47 PM, Tim wrote:
> Allegedly, on or about 03 March 2014, Dan Thurman sent:
>> It looks to me like a successful indirect connection?
>> The following is taken from /var/log/httpd/access_log
>>
>> 185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA HTTP/1.1" 200 5264 "-" "-"
>
> With a "GET" request that has a full URI rather than just a filepath to
> something within your own website, that looks like they're trying to use
> you as a proxy for whatever their nefarious aims are (which Apache *can*
> do, but doesn't have to). The "200" response means "okay," so it
> apparently succeeded with 5264 bytes being sent. Try the same sort of
> hack, yourself, on your own server, to see what it does. Though try
> getting some other website, not the one that's playing games with you.
>
> Since it's to a non-website, they may be pooling data of what fails and
> succeeds, so they can make use of it later. Which could be anything
> from doing a hack on you, using you as a sacrificial proxy for illegal
> activities, using you as a proxy to bypass state censorship, one of the
> white hat hackers researching statistics on unsafe webservers, or
> anything else that you can think of.
>
> Because you don't know their motives, I'd consider them as being bad,
> and worth doing something about. Unless you are purposely using the
> proxy features of Apache, disable them. If you are making use of them,
> then tighten up the configuration to only do what you want.

I found out that mod_proxy was installed on apache,
so I disabled mod_proxy and have yet to see any
proxy attempts.
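
The access_log check discussed in this thread, written out as an added example that is not part of the original messages: it flags requests whose target is an absolute URI, or a CONNECT, naming a host other than the server's own. `OWN_HOSTS`, `find_proxy_probes` and every sample line except the first (the one quoted in the thread) are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Hostnames this server legitimately answers for (assumed value for the example).
OWN_HOSTS = {"www.example.org"}
# Common/combined log format: ip ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
ABSOLUTE_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')
# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = [
    '185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA HTTP/1.1" 200 5264 "-" "-"',
    '192.0.2.10 - - [03/Mar/2014:07:30:01 -0800] "GET /index.html HTTP/1.1" 200 5264 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Mar/2014:07:31:12 -0800] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"',
    '192.0.2.10 - - [03/Mar/2014:07:32:40 -0800] "GET http://www.example.org/about.html HTTP/1.1" 200 1820 "-" "Mozilla/5.0"',
]


def find_proxy_probes(lines, own_hosts=OWN_HOSTS):
    """Return one dict per request that asks the server to act as a forward proxy."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable request line
        method, target = m["method"], m["target"]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0]  # authority-form: host:port
        elif ABSOLUTE_RE.match(target):
            host = urlsplit(target).hostname or ""
        else:
            continue  # ordinary origin-form request such as "GET /index.html"
        if host.lower() in own_hosts:
            continue  # absolute-form naming our own site is valid HTTP/1.1
        status = int(m["status"])
        findings.append({
            "ip": m["ip"], "method": method, "host": host.lower(), "status": status,
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
            "answered": 200 <= status < 300,  # worth a manual follow-up test
        })
    return findings


if __name__ == "__main__":
    print(*find_proxy_probes(SAMPLE_LOG), sep="\n")
```

A 2xx on a flagged line is a reason to test, not proof of relaying: with forward proxying off, Apache can answer an absolute-URI request with its own default page, so compare the byte count with the size of your local page.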