I guess hacker me - URGENT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, 2006-01-30 at 12:17, Adriano Frare wrote:
> I use Centos 4.2 with all service pack installed. I verified traffic on 
> link WEB and I see port TCP 80 with many traffic.
> 
> I accessed lod /var/log/httpd/access_log and show below.
> 
> ca.com/members/index.php HTTP/1.0" 401 - 
> "http://members.sapphicerotica.com/members/index.php"; "Mozilla/5.0 ( 
> compatible; MSIE 5.01; Windows XP; NetCaptor )"
> 68.119.110.138 - - [30/Jan/2006:15:08:08 -0200] "GET 
> http://211.115.101.253/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=NsyncAngel9&passwd=xxxx
> HTTP/1.0" 200 9794 "-" "-"
> 
> I guess that hacker is using my SERVR APACHE to PROXY.

The stock httpd.conf should have the
#ProxyRequests On
entry commented out as above.  If you need to have it enabled
you should control access with 'allow from' directives:
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

-- 
  Les Mikesell
   lesmikesell@xxxxxxxxx



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux