On 2/18/07, Graham Frank <gfrank@xxxxxxxxxxxxxx> wrote:
> Hey,
>
> System Specs:
> Apache 2.2.4 using worker MPM
> Dual Opteron 270 x86_64
>
> I'm noticing in my access_log the following:
>
> <ip removed> - - [16/Feb/2007:23:27:19 -0500] "CONNECT <domain removed>:25 HTTP/1.0" 200 100482
>
> By the looks of it, it's accepting the request and following through? How can I block connections like these? Furthermore, how concerned should I be regarding this?

I think you should be concerned. Port 25 is the SMTP port, so someone is trying (and maybe succeeding) to use your Apache server as a proxy to contact an email server. There are usually no reasons to do this, other than sending spam.

You need to have a look at your server config. It is usually not a good idea to let the world use your server as a proxy. Read this:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

Krist

--
krist.vanbesien@xxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
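
An added example, not part of either message in this thread: a Python sketch that scans Common Log Format lines for requests like the one quoted above and reports whether each was answered with a 2xx status. It goes one step beyond the thread by also flagging absolute-URI requests for foreign hosts; the `local_hosts` parameter, its default value and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Feb/2007:23:27:19 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 200 100482',
    '198.51.100.7 - - [16/Feb/2007:23:28:02 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 405 312',
    '203.0.113.5 - - [16/Feb/2007:23:31:40 -0500] "GET http://other.example.org/ HTTP/1.1" 200 1024',
    '203.0.113.9 - - [16/Feb/2007:23:32:05 -0500] "GET http://www.example.com/index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Feb/2007:23:32:11 -0500] "GET /index.html HTTP/1.1" 200 5120',
    'this line is malformed and is skipped',
]

def find_proxy_attempts(lines, local_hosts=("www.example.com",)):
    """Return proxy-style requests; local_hosts (hypothetical) names this server."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if m is None:
            continue  # not Common Log Format; skip rather than guess
        method, target = m["method"].upper(), m["target"]
        if method == "CONNECT":
            # CONNECT targets are host:port, e.g. a mail server on port 25
            host, sep, port = target.rpartition(":")
            if not sep:
                host, port = target, ""
        elif "://" in target:
            # Absolute-form URI: proxy-style unless it names this server
            try:
                parts = urlsplit(target)
                host, port = parts.hostname or "", str(parts.port or "")
            except ValueError:
                continue  # unparseable port in the logged URI
            if host.lower() in local_hosts:
                continue
        else:
            continue  # ordinary origin-form request
        status = int(m["status"])
        # A 2xx status means the request was not refused: review the proxy config
        findings.append({"client": m["client"], "method": method, "host": host,
                         "port": port, "status": status, "accepted": 200 <= status < 300})
    return findings
```

A 2xx status only shows the request was not refused; whether the server actually relayed it depends on the proxy configuration described in the mod_proxy documentation linked in the reply.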