Skip site navigation (1)Skip section navigation (2)
Date:      14 May 2003 08:04:10 -0700
From:      Mark Foster <mark@foster.cc>
To:        freebsd-questions@freebsd.org
Subject:   Re: Apache log
Message-ID:  <1052924650.24856.14.camel@gentoo1.enic.cc>
In-Reply-To: <20030514123736.5d04c5b0.flynn@energyhq.es.eu.org>
References:  <3EC21B2D.8070503@ukr.net> <20030514123736.5d04c5b0.flynn@energyhq.es.eu.org>

next in thread | previous in thread | raw e-mail | index | archive | help
The 200 result code (SUCCESS) is a little troubling, though. Make sure
you are not running a open-proxy. I would think that response should be
403 or something similar, to indicate they were denied access.

Also, you might simulate what they are doing to see what is really
happening... 'telnet <apachebox> 80', then type
CONNECT smtp.rol.ru:25 HTTP/1.0<enter><enter>

What do you see?

On Wed, 2003-05-14 at 03:37, Miguel Mendez wrote:
> On Wed, 14 May 2003 13:32:13 +0300
> Игорь <Imrir@ukr.net> wrote:
> 
> 
> Hi,
>  
> > Good day to all!
> > 	i`ve red my apache log and found next strings...
> > .....
> > 
> > 69.31.32.42 - - [14/May/2003:04:47:32 +0000] "CONNECT smtp.rol.ru:25 
> > HTTP/1.0" 200 10022
> > 69.31.32.42 - - [14/May/2003:05:46:50 +0000] "CONNECT 64.12.136.217:25
> > HTTP/1.0" 200 10022
> > 69.31.32.42 - - [14/May/2003:06:27:22 +0000] "CONNECT 64.12.138.57:25 
> > HTTP/1.0" 200 10022
> > .....
> > 
> > i`m think about this for a long time but can`t get what is it means!
> > usualy its get or post requests,is someone trying to send mail throo
> > my server?
> 
> Someone (probably a spammer) looking for an open proxy. I get lots of
> those too. If/When they bother me enough I ipf them out. Nothing to
> worry about except the annoyance of them filling your logs.
> 
> Cheers,



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1052924650.24856.14.camel>