Well, its not that then - nothing in the access_log from apache. I think I might need to wait until it happens again and do some forensics then. I'm a little concerned that there's something on my box that shouldn't be there, but I've got good commercial AV software running, and very good strong passwords, I'm the only account on there too. It would seem unlikely, but I can't see how anything's getting though the firewall right now.... On Sat, 2007-02-24 at 16:22 +0100, Henrik Nordstrom wrote: > lör 2007-02-24 klockan 15:15 +0000 skrev Paul: > > DAnsGuardian is on 8080 and that's closed to all but my lan. I do have > > 5801 and 5901 open for remote desktop, but I doubt that's a problem. > > Is there a way to misconfigure apache2 to enable open proxy? > > Yes, if you have mod_proxy enabled.. > > you should see this traffic in the Apache access log files if that's the > way if was/is done. > > Regards > Henrik