httpd mod proxy?
cs at zip.com.au
cs at zip.com.au
Mon Dec 19 23:10:50 UTC 2005
On 18Dec2005 23:01, Harold Hallikainen <harold at hallikainen.com> wrote:
| > On 18Dec2005 08:21, Harold Hallikainen <harold at hallikainen.com> wrote:
| > | I keep finding stuff like this in my logs. Is there any danger? If so,
| > | what should I do to stop it?
| > [...]
| > | --------------------- httpd Begin ------------------------
| > | Connection attempts using mod_proxy:
| > | 218.167.96.35 -> smtp.rol.ru:25: 1 Time(s)
| >
| > Yeah, sounds like someone if exploiting your httpd's mod_proxy config
| > to try to send spam (port 25 is SMTP, the simple mail transfer protocol).
| > I presume this is on a public web server. Such things should not have
| > proxies
| > on them, or at least have the proxying VERY VERY VERY restricted.
| >
| > Can you elaborate more on your setup?
|
| It's the default installation of FC4.
Exposed to the net? Did you turn this on yourself?
| It looks like it's an attempt at
| using mod_proxy, but not a successful attempt, right?
Well, maybe. But what about the possible _successful_ attempts?
I would have a good look at your access logs.
I'd also lock down your apache to listen only on 127.0.0.1 unless you're
really using it as a public web server.
--
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/
Principles have no real force except when one is well fed. - Mark Twain
More information about the Redhat-install-list
mailing list