Re: Preventing an open proxy with both a single SSL virtual host and a non-SSL virtual host

I use this to block relay proxy attempts:

RewriteCond %{THE_REQUEST} ^[A-Z]+\ /?https?:// [NC]
RewriteCond %{THE_REQUEST} !^[A-Z]+\ /?https?://([^.]+\.)?mydomain\.com
RewriteRule .* - [F]


On Wed, Feb 19, 2014 at 2:00 AM, Richard Mixon <rnmixon@xxxxxxxxxx> wrote:
Jonas/Yehuda,

The example I chose was a bad one, just rushing to get the mail out I guess. The vast majority of the requests have a return of 200, with a few 503.

I hope this reply goes through - I've waited a few days. Earlier replies to the list keep getting rejected due to SPAM scores - I kept removing content, thinking the HTTP access logs were the culprit - but that did not work.

I'm also sending it from an additional address I've subscribed.


Richard Mixon
Custom Computer Creations, LLC
RNMixon@xxxxxxxxxx
mobile: 480-577-6834



On Feb 18, 2014, at 1:19 AM, Jonas Eckerman <jonas_lists@xxxxxxxxx> wrote:

> Just commenting on your logged request, not your config...
>
> What was it that made you think you had an open proxy?
> Was it only requests like the one below?
> Were they all answered with status 403?
>
> Richard Mixon <rnmixon@xxxxxxxxxx> wrote:
>
>> After that we started getting flooded with requests such as the following:
>
>> 64.120.77.151 - - [13/Feb/2014:00:03:05 -0700] "GEThttp://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=4660128&pub_url=${PUB_URL}HTTP/1.0" 403 283 "http://creditsxchange.com/index.php/hotdeal/5536-the-times-of-india" "Mozilla/5.0 (Windows NT 7.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30"
>
> You should expect requests like that on any HTTP server open to the internet on port 80, just as you should expect scripted exploit probes.
>
> Since your server answered 403 (forbidden) the request logged above is not a problem and does not indicate an open proxy.
>
> Regards
> /jonas
> --
> Monypholite gemgas.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
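
Added example, not part of any message in this thread: a small log triage script for the question discussed above, separating proxy-style requests (absolute URI naming a foreign host) that were refused from those that got a 2xx/3xx answer and need a closer look. The log lines are constructed, and `mydomain.com` is the placeholder from the rewrite rule at the top of the thread.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

OWN_DOMAIN = "mydomain.com"  # placeholder from the rewrite rule; set to your own domain

# Combined log format: client, identd, user, [time], "request", status, size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')
# Request line whose target is an absolute http(s) URI. Whitespace is optional
# so that lines whose spaces were lost in archiving still match.
REQ_RE = re.compile(r'^[A-Z]+\s*/?((?i:https?)://\S+?)\s*(?:HTTP/\d\.\d)?$')

def classify(line):
    """Return (client, host, status, verdict) for a proxy-style request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, request, status = m.group(1), m.group(2), int(m.group(3))
    r = REQ_RE.match(request)
    if not r:
        return None  # ordinary origin-form request such as "GET /index.html"
    try:
        host = (urlsplit(r.group(1)).hostname or "").lower()
    except ValueError:
        host = ""  # malformed authority; still report it as foreign
    if host == OWN_DOMAIN or host.endswith("." + OWN_DOMAIN):
        return None  # absolute URI, but addressed to our own site
    # 4xx/5xx: the server refused. 2xx/3xx is not proof of relaying, but check
    # what was actually served (a local page or content from the foreign host).
    verdict = "refused" if status >= 400 else "review"
    return client, host, status, verdict

SAMPLE_LOG = [  # constructed lines, documentation addresses and hosts
    '192.0.2.10 - - [13/Feb/2014:00:03:05 -0700] "GET http://ads.example.net/st?ad_type=iframe HTTP/1.0" 403 283 "-" "-"',
    '192.0.2.11 - - [13/Feb/2014:00:03:06 -0700] "GEThttp://ads.example.net/st?ad_type=iframeHTTP/1.0" 200 5120 "-" "-"',
    '198.51.100.7 - - [13/Feb/2014:00:03:07 -0700] "GET http://www.mydomain.com/ HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.8 - - [13/Feb/2014:00:03:08 -0700] "GET /index.html HTTP/1.1" 200 900 "-" "-"',
]

def summarize(lines):
    """Count verdicts and return them with the individual hits."""
    hits = [c for c in map(classify, lines) if c]
    return Counter(v for *_, v in hits), hits

if __name__ == "__main__":
    counts, hits = summarize(SAMPLE_LOG)
    for client, host, status, verdict in hits:
        print(f"{verdict:8} {status} {client} -> {host}")
    print(dict(counts))
```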


