[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: apache allowing POSTs to offsite IP
- From: "Steven J. Yellin" <yellin SLAC Stanford EDU>
- To: seawolf-list redhat com
- Subject: Re: apache allowing POSTs to offsite IP
- Date: Fri, 16 May 2003 20:40:03 -0700 (PDT)
It seems to me that if your log file shows posts from 66.164.26.66,
that's what your firewall should think the source is, too. So I don't
understand why setting your firewall to block everything from 66.164.26.66
didn't keep that particular IP away from everything in your computer,
including the web server.
If for some reason you can't have your firewall protect your computer
from being misused, and nobody on this list can say how to do what's
needed with your apache configuration file, try the mailing list "for
users of the Apache HTTP Server to discuss Apache and help each other":
http://httpd.apache.org/userslist.html .
On Fri, 16 May 2003, Kevin Weslowski wrote:
> Hi all,
>
> in my apache access logs, a someone has been POSTing (and succeeding)
> through my server, to another IP, but to their port 25...there has been
> reports from the ISP of the IP being attacked that WE have been spamming
> them, which isn't true since we don't even have sendmail running or port
> 25 open;
>
> snip:
>
> 66.164.26.66 - - [16/May/2003:16:23:28 -0600] "POST
> http://142.165.49.56:25/ HTTP/1.1" 200 375
> 66.164.26.66 - - [16/May/2003:16:23:28 -0600] "QUIT" 403 -
> 66.164.26.66 - - [16/May/2003:16:27:21 -0600] "POST
> http://142.165.49.6:25/ HTTP/1.1" 200 1008
> 66.164.26.66 - - [16/May/2003:16:27:39 -0600] "POST
> http://142.165.49.6:25/ HTTP/1.1" 200 1024
> 66.164.26.66 - - [16/May/2003:16:27:58 -0600] "POST
> http://142.165.49.6:25/ HTTP/1.1" 200 1000
> 66.164.17.103 - - [16/May/2003:16:29:34 -0600] "POST
> http://142.165.49.6:25/ HTTP/1.1" 200 1016
> 66.164.17.103 - - [16/May/2003:16:30:07 -0600] "POST
> http://142.165.49.6:25/ HTTP/1.1" 200 1016
>
> first, has any one seen these types of "proxy" POSTs? what do they mean?
>
> we've tried denying access to 66.164.* but he's still able to send the
> POSTs...probably because they're not directed at my server...so I how do
> I stop this "proxy" use of my (apache 1.3.27) server?
>
> any help would be much appreciated...thanks.
>
> Kevin
>
>
> _______________________________________________
> Seawolf-list mailing list
> Seawolf-list redhat com
> https://www.redhat.com/mailman/listinfo/seawolf-list
>
--
Steven Yellin
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]