Re: How to prevent Spammer from abusing Apache?

Thanks Karel,
 
I will implement your suggestions immediately. I already blocked in my router the company that was making the attempt from Seattle.
 
Many Thanks,
-Tony

Karel Kubat <karel@xxxxxxxxxxxx> wrote:

Hi Tony,

On Jun 18, 2007, at 11:25 PM, Tony Anecito wrote:

> I noticed someone was using CONNECT xxx.xxx.xxx.xxx http command
> against Apache. I was wondering how to disable the CONNECT command
> from executing on Apache. In a couple of entries I noticed a
> connection from Seattle that might be a spammer so I want to
> disable the CONNECT command from running successfully.

I'd advise you to CLOSE THIS IMMEDIATELY. Before long your site will
be on lists of open proxies and you'll be denied traffic. And trust
me, it's a huge pain getting off those lists. Until you fix this
issue, don't advertise your site - there will be plenty of spambots
checking the openness of your proxy.

See the proxy documentation, off the top of my head (check the docs,
I can't access them now but want to leave at least a pointer) there
are at least 3 alternatives:

# 1. If you have a reverse proxy only, you don't need to serve proxy
# requests
ProxyRequests off

or

# 2. If you have a forwarding proxy, then you must serve proxy requests.
# Use a whitelist of the systems that are allowed to do so, and close all
# others. I'm not sure this is the right syntax btw...
<Proxy *>
    order deny,allow
    deny from all
    allow from 127.0.0.1
</Proxy>

or

3. Have your proxy listen to some odd port, say 8080, set up as a
virtual server. Allow proxy requests only in that virtual server.
Have your internal LAN users (who use Apache as a forwarding proxy to
get to the outside) connect to that port, but close access to the
port from the outside on the OS level, e.g. on Linux with iptables.

Hope this helps,
Karel
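
Added example, not part of either message in this thread: a small Python audit of an Apache access log that separates CONNECT requests the server actually tunnelled (2xx status) from those it refused, so the effect of the options above can be checked in the log. It assumes the common/combined log format; the function name `audit_connect` is hypothetical and the log lines are constructed samples using documentation address ranges.

```python
import re
from collections import Counter

# Apache common/combined log format (assumed):
#   client ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jun/2007:21:02:11 -0600] "CONNECT 198.51.100.25:25 HTTP/1.0" 200 -',
    '203.0.113.7 - - [18/Jun/2007:21:02:15 -0600] "CONNECT 198.51.100.25:25 HTTP/1.0" 200 -',
    '192.0.2.44 - - [18/Jun/2007:21:05:40 -0600] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [19/Jun/2007:08:30:02 -0600] "CONNECT 198.51.100.25:25 HTTP/1.0" 405 230',
]

def audit_connect(lines):
    """Count CONNECT attempts per (client, target).

    Returns (served, refused): 'served' holds attempts answered with a 2xx
    status, i.e. the server opened the tunnel; 'refused' holds the rest.
    """
    served, refused = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "CONNECT":
            continue  # unparsable line or ordinary request
        bucket = served if m.group("status").startswith("2") else refused
        bucket[(m.group("client"), m.group("target"))] += 1
    return served, refused

if __name__ == "__main__":
    served, refused = audit_connect(SAMPLE_LOG)
    for (client, target), n in served.most_common():
        print(f"OPEN PROXY: {client} tunnelled to {target} {n} time(s)")
    for (client, target), n in refused.most_common():
        print(f"refused: {client} -> {target} {n} time(s)")
```

Any entry still landing in `served` after the configuration change means CONNECT is being honoured for that client.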


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.