[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
apache allowing POSTs to offsite IP
- From: Kevin Weslowski <weslowsk accesscomm ca>
- To: seawolf-list redhat com
- Subject: apache allowing POSTs to offsite IP
- Date: Fri, 16 May 2003 16:34:55 -0600
Hi all,
in my apache access logs, a someone has been POSTing (and succeeding)
through my server, to another IP, but to their port 25...there has been
reports from the ISP of the IP being attacked that WE have been spamming
them, which isn't true since we don't even have sendmail running or port
25 open;
snip:
66.164.26.66 - - [16/May/2003:16:23:28 -0600] "POST
http://142.165.49.56:25/ HTTP/1.1" 200 375
66.164.26.66 - - [16/May/2003:16:23:28 -0600] "QUIT" 403 -
66.164.26.66 - - [16/May/2003:16:27:21 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1008
66.164.26.66 - - [16/May/2003:16:27:39 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1024
66.164.26.66 - - [16/May/2003:16:27:58 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1000
66.164.17.103 - - [16/May/2003:16:29:34 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1016
66.164.17.103 - - [16/May/2003:16:30:07 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1016
first, has any one seen these types of "proxy" POSTs? what do they mean?
we've tried denying access to 66.164.* but he's still able to send the
POSTs...probably because they're not directed at my server...so I how do
I stop this "proxy" use of my (apache 1.3.27) server?
any help would be much appreciated...thanks.
Kevin
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]