httpd mod proxy?
Cameron Simpson
cs at zip.com.au
Mon Dec 19 00:31:18 UTC 2005
On 18Dec2005 08:21, Harold Hallikainen <harold at hallikainen.com> wrote:
| I keep finding stuff like this in my logs. Is there any danger? If so,
| what should I do to stop it?
[...]
| --------------------- httpd Begin ------------------------
| Connection attempts using mod_proxy:
| 218.167.96.35 -> smtp.rol.ru:25: 1 Time(s)
Yeah, sounds like someone if exploiting your httpd's mod_proxy config
to try to send spam (port 25 is SMTP, the simple mail transfer protocol).
I presume this is on a public web server. Such things should not have proxies
on them, or at least have the proxying VERY VERY VERY restricted.
Can you elaborate more on your setup?
Cheers,
--
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/
Me, I'm still finding it hard to come to terms with the notion that there
wasn't Jell-o at the Last Supper. - silver at xrtll.uucp (Hi Ho Silver)
More information about the Redhat-install-list
mailing list