From: Mark Foster
To: freebsd-questions@freebsd.org
Date: 14 May 2003 08:04:10 -0700
Subject: Re: Apache log

The 200 result code (SUCCESS) is a little troubling, though. Make sure
you are not running an open proxy. I would think that response should be
403 or something similar, to indicate they were denied access.
Also, you might simulate what they are doing to see what is really
happening... 'telnet 80', then type
CONNECT smtp.rol.ru:25 HTTP/1.0
What do you see?

On Wed, 2003-05-14 at 03:37, Miguel Mendez wrote:
> On Wed, 14 May 2003 13:32:13 +0300
> Игорь wrote:
>
> Hi,
>
> > Good day to all!
> > I've read my Apache log and found the following strings...
> > .....
> >
> > 69.31.32.42 - - [14/May/2003:04:47:32 +0000] "CONNECT smtp.rol.ru:25
> > HTTP/1.0" 200 10022
> > 69.31.32.42 - - [14/May/2003:05:46:50 +0000] "CONNECT 64.12.136.217:25
> > HTTP/1.0" 200 10022
> > 69.31.32.42 - - [14/May/2003:06:27:22 +0000] "CONNECT 64.12.138.57:25
> > HTTP/1.0" 200 10022
> > .....
> >
> > I've thought about this for a long time but can't get what it means!
> > Usually it's GET or POST requests; is someone trying to send mail
> > through my server?
>
> Someone (probably a spammer) looking for an open proxy. I get lots of
> those too. If/When they bother me enough I ipf them out. Nothing to
> worry about except the annoyance of them filling your logs.
>
> Cheers,
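
An added example, not part of the original thread: a small Python audit that pulls CONNECT requests out of a common-format Apache access log and separates the ones answered with 2xx (worth the telnet check described in the reply) from the ones the server refused. The function name, the verdict labels and the "same size for different targets" hint are assumptions of this example; a constant byte count across different targets is treated only as a hint that the same local document was returned each time, and it does not replace checking the proxy configuration.

```python
import re
from collections import defaultdict

# Log lines from the quoted message above, with the mail client's line wrap undone.
SAMPLE_LOG = """\
69.31.32.42 - - [14/May/2003:04:47:32 +0000] "CONNECT smtp.rol.ru:25 HTTP/1.0" 200 10022
69.31.32.42 - - [14/May/2003:05:46:50 +0000] "CONNECT 64.12.136.217:25 HTTP/1.0" 200 10022
69.31.32.42 - - [14/May/2003:06:27:22 +0000] "CONNECT 64.12.138.57:25 HTTP/1.0" 200 10022
"""
# Constructed lines for contrast (not from the thread): a normal GET and a refused CONNECT.
CONSTRUCTED = """\
192.0.2.10 - - [14/May/2003:07:00:00 +0000] "GET /index.html HTTP/1.0" 200 10022
198.51.100.7 - - [14/May/2003:07:05:00 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 403 287
"""

# Apache common log format: client, ident, user, [time], "request", status, bytes.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)\s*$'
)

def audit_connect(log_text):
    """Summarise CONNECT requests per client address (hypothetical helper)."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m or m["method"] != "CONNECT":
            continue  # unparsable lines and ordinary GET/POST traffic are ignored
        by_client[m["client"]].append(m)
    findings = {}
    for client, hits in by_client.items():
        ok = [h for h in hits if h["status"].startswith("2")]
        findings[client] = {
            "attempts": len(hits),
            "answered_2xx": len(ok),
            "targets": sorted(h["target"] for h in hits),
            # Hint only: several distinct targets, one identical response size.
            "same_size_for_different_targets":
                len({h["target"] for h in ok}) > 1 and len({h["size"] for h in ok}) == 1,
            "verdict": "verify-proxy-config" if ok else "denied",
        }
    return findings

if __name__ == "__main__":
    for client, finding in audit_connect(SAMPLE_LOG + CONSTRUCTED).items():
        print(client, finding)
```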