httpd mod proxy?

Harold Hallikainen harold at hallikainen.com
Tue Dec 20 17:10:51 UTC 2005


> On 18Dec2005 23:01, Harold Hallikainen <harold at hallikainen.com> wrote:
> | > On 18Dec2005 08:21, Harold Hallikainen <harold at hallikainen.com> wrote:
> | > | I keep finding stuff like this in my logs. Is there any danger? If so,
> | > | what should I do to stop it?
> | > [...]
> | > | --------------------- httpd Begin ------------------------
> | > |  Connection attempts using mod_proxy:
> | > |     218.167.96.35 -> smtp.rol.ru:25: 1 Time(s)
> | >
> | > Yeah, sounds like someone is exploiting your httpd's mod_proxy config
> | > to try to send spam (port 25 is SMTP, the simple mail transfer protocol).
> | > I presume this is on a public web server. Such things should not have
> | > proxies on them, or at least have the proxying VERY VERY VERY restricted.
> | >
> | > Can you elaborate more on your setup?
> |
> | It's the default installation of FC4.
>
> Exposed to the net? Did you turn this on yourself?
>
> | It looks like it's an attempt at
> | using mod_proxy, but not a successful attempt, right?
>
> Well, maybe. But what about the possible _successful_ attempts?
> I would have a good look at your access logs.
> I'd also lock down your apache to listen only on 127.0.0.1 unless you're
> really using it as a public web server.
> --
> Cameron Simpson <cs at zip.com.au> DoD#743
> http://www.cskk.ezoshosting.com/cs/
>


Thanks for the comments! Yes, it's an open web server (and meant to be). I
guess I need to dig through httpd.conf and related files to see where one
turns off mod_proxy... Any hints?

By the way, on my other project for this week, I'm STILL having trouble
with pap authentication on mgetty+sendfax and pppd. The logs indicate pppd
can't find a pap secret for the user logging in. I've TRIED to tell it to
use the shadow password file, but haven't gotten it to work yet. None of
the tutorials I've found seem to deal with the system as distributed in
FC4.

THANKS to all!

Harold
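
The access-log check suggested in the quoted reply, as an added example that is not part of the original thread: it separates refused proxy attempts from ones the server appears to have honoured. It assumes Apache's common/combined log format; the sample lines are constructed and the function names are illustrative.

```python
import re
from collections import Counter

# Common/combined log format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A request target that starts with a scheme is a forward-proxy style request.
ABSOLUTE_URI = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

# Constructed sample lines (documentation addresses and example hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Dec/2005:08:21:00 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 405 312',
    '203.0.113.7 - - [18/Dec/2005:08:21:05 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 200 -',
    '198.51.100.9 - - [18/Dec/2005:09:02:11 +0000] "GET http://www.example.org/ HTTP/1.1" 200 1456',
    '198.51.100.9 - - [18/Dec/2005:09:02:12 +0000] "GET http://www.example.org/ HTTP/1.1" 403 289',
    '192.0.2.44 - - [18/Dec/2005:09:10:00 +0000] "GET /index.html HTTP/1.1" 200 1456',
]

def classify(line):
    """Return (client, target, verdict) for a proxy-style request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    ok = 200 <= status < 300
    if method == "CONNECT":
        # A 2xx answer to CONNECT means the server agreed to open the tunnel.
        verdict = "relayed" if ok else "refused"
    elif ABSOLUTE_URI.match(target):
        # With forward proxying off, Apache may answer an absolute-URI GET
        # with its own local page, so a 2xx here needs a manual look
        # (compare the byte count with the local page's size).
        verdict = "review" if ok else "refused"
    else:
        return None  # ordinary request for a local path
    return m["client"], target, verdict

def summarize(lines):
    """Count verdicts and return the individual proxy-style hits."""
    hits = [hit for hit in map(classify, lines) if hit]
    return Counter(verdict for _, _, verdict in hits), hits

if __name__ == "__main__":
    counts, hits = summarize(SAMPLE_LOG)
    for client, target, verdict in hits:
        print(f"{verdict:8} {client:15} -> {target}")
    print(dict(counts))
```

Any "relayed" line is the case worth chasing first; "review" lines are settled by comparing the logged size with what the local site returns for the same path.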


More information about the Redhat-install-list mailing list