Connection attempts - mod_proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello list

Using CentOS 5.4 version of apache httpd-2.2.3-31.el5. I have several virtualhost and one of the virtualhost, use mod_proxy to serve a web site I have running on Windows 2003, this server is not available online, it is an internal server.

Reviewing the messages I found Logwatch who have tried to use my server through the same mod_proxy to connect to other servers or sites.

Connection attempts using mod_proxy:
    95.25.10.121 -> 205.188.251.11:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.16:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.21:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.26:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.31:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.36:443: 1 Time(s)
    95.25.10.121 -> 64.12.202.116:443: 1 Time(s)
    95.25.10.121 -> 64.12.202.43:443: 1 Time(s)
    95.25.10.121 -> 64.12.202.50:443: 1 Time(s)
    95.25.45.157 -> 205.188.251.11:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.16:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.1:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.21:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.26:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.31:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.36:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.6:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.116:443: 3 Time(s)
    95.25.45.157 -> 64.12.202.15:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.1:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.22:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.29:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.36:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.43:443: 3 Time(s)
    95.25.45.157 -> 64.12.202.50:443: 3 Time(s)
    95.25.45.157 -> 64.12.202.8:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.11:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.16:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.1:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.21:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.26:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.31:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.36:443: 1 Time(s)
    95.26.235.217 -> 205.188.251.6:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.116:443: 1 Time(s)
    95.26.235.217 -> 64.12.202.15:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.1:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.22:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.29:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.36:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.43:443: 1 Time(s)
    95.26.235.217 -> 64.12.202.50:443: 1 Time(s)
    95.26.235.217 -> 64.12.202.8:443: 2 Time(s)

the question is, should I be alarmed, because I fail to interpret if they could use mod_proxy to connect to these sites?

There a tool that runs under Linux that allows audit any activity or attempted attack on my apache server?

Thanks & Regards
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux