Hello list Using CentOS 5.4 version of apache httpd-2.2.3-31.el5. I have several virtualhost and one of the virtualhost, use mod_proxy to serve a web site I have running on Windows 2003, this server is not available online, it is an internal server. Reviewing the messages I found Logwatch who have tried to use my server through the same mod_proxy to connect to other servers or sites. Connection attempts using mod_proxy: 95.25.10.121 -> 205.188.251.11:443: 1 Time(s) 95.25.10.121 -> 205.188.251.16:443: 1 Time(s) 95.25.10.121 -> 205.188.251.21:443: 1 Time(s) 95.25.10.121 -> 205.188.251.26:443: 1 Time(s) 95.25.10.121 -> 205.188.251.31:443: 1 Time(s) 95.25.10.121 -> 205.188.251.36:443: 1 Time(s) 95.25.10.121 -> 64.12.202.116:443: 1 Time(s) 95.25.10.121 -> 64.12.202.43:443: 1 Time(s) 95.25.10.121 -> 64.12.202.50:443: 1 Time(s) 95.25.45.157 -> 205.188.251.11:443: 2 Time(s) 95.25.45.157 -> 205.188.251.16:443: 2 Time(s) 95.25.45.157 -> 205.188.251.1:443: 2 Time(s) 95.25.45.157 -> 205.188.251.21:443: 2 Time(s) 95.25.45.157 -> 205.188.251.26:443: 2 Time(s) 95.25.45.157 -> 205.188.251.31:443: 2 Time(s) 95.25.45.157 -> 205.188.251.36:443: 2 Time(s) 95.25.45.157 -> 205.188.251.6:443: 2 Time(s) 95.25.45.157 -> 64.12.202.116:443: 3 Time(s) 95.25.45.157 -> 64.12.202.15:443: 2 Time(s) 95.25.45.157 -> 64.12.202.1:443: 2 Time(s) 95.25.45.157 -> 64.12.202.22:443: 2 Time(s) 95.25.45.157 -> 64.12.202.29:443: 2 Time(s) 95.25.45.157 -> 64.12.202.36:443: 2 Time(s) 95.25.45.157 -> 64.12.202.43:443: 3 Time(s) 95.25.45.157 -> 64.12.202.50:443: 3 Time(s) 95.25.45.157 -> 64.12.202.8:443: 2 Time(s) 95.26.235.217 -> 205.188.251.11:443: 2 Time(s) 95.26.235.217 -> 205.188.251.16:443: 2 Time(s) 95.26.235.217 -> 205.188.251.1:443: 2 Time(s) 95.26.235.217 -> 205.188.251.21:443: 2 Time(s) 95.26.235.217 -> 205.188.251.26:443: 2 Time(s) 95.26.235.217 -> 205.188.251.31:443: 2 Time(s) 95.26.235.217 -> 205.188.251.36:443: 1 Time(s) 95.26.235.217 -> 205.188.251.6:443: 2 Time(s) 95.26.235.217 -> 64.12.202.116:443: 1 Time(s) 95.26.235.217 -> 64.12.202.15:443: 2 Time(s) 95.26.235.217 -> 64.12.202.1:443: 2 Time(s) 95.26.235.217 -> 64.12.202.22:443: 2 Time(s) 95.26.235.217 -> 64.12.202.29:443: 2 Time(s) 95.26.235.217 -> 64.12.202.36:443: 2 Time(s) 95.26.235.217 -> 64.12.202.43:443: 1 Time(s) 95.26.235.217 -> 64.12.202.50:443: 1 Time(s) 95.26.235.217 -> 64.12.202.8:443: 2 Time(s) the question is, should I be alarmed, because I fail to interpret if they could use mod_proxy to connect to these sites? There a tool that runs under Linux that allows audit any activity or attempted attack on my apache server? Thanks & Regards |