httpd mod proxy?
Harold Hallikainen
harold at hallikainen.com
Mon Dec 19 07:01:19 UTC 2005
> On 18Dec2005 08:21, Harold Hallikainen <harold at hallikainen.com> wrote:
> | I keep finding stuff like this in my logs. Is there any danger? If so,
> | what should I do to stop it?
> [...]
> | --------------------- httpd Begin ------------------------
> | Connection attempts using mod_proxy:
> | 218.167.96.35 -> smtp.rol.ru:25: 1 Time(s)
>
> Yeah, sounds like someone if exploiting your httpd's mod_proxy config
> to try to send spam (port 25 is SMTP, the simple mail transfer protocol).
>
> I presume this is on a public web server. Such things should not have
> proxies
> on them, or at least have the proxying VERY VERY VERY restricted.
>
> Can you elaborate more on your setup?
>
> Cheers,
> --
> Cameron Simpson <cs at zip.com.au> DoD#743
> http://www.cskk.ezoshosting.com/cs/
>
It's the default installation of FC4. It looks like it's an attempt at
using mod_proxy, but not a successful attempt, right?
THANKS!
Harold
--
FCC Rules Updated Daily at http://www.hallikainen.com
More information about the Redhat-install-list
mailing list