From owner-freebsd-questions@FreeBSD.ORG Thu Nov 17 14:51:23 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5E91916A41F for ; Thu, 17 Nov 2005 14:51:23 +0000 (GMT) (envelope-from dick@nagual.st) Received: from nagual.st (cc20684-a.assen1.dr.home.nl [82.74.2.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5447D43D49 for ; Thu, 17 Nov 2005 14:51:22 +0000 (GMT) (envelope-from dick@nagual.st) Received: from localhost (localhost [127.0.0.1]) (uid 1000) by nagual.st with local; Thu, 17 Nov 2005 15:51:21 +0100 id 00039827.437C98E9.000081A3 Date: Thu, 17 Nov 2005 15:51:21 +0100 To: freebsd-questions Message-ID: <20051117145120.GA33150@lothlorien.nagual.st> References: <20051116225606.GA28421@lothlorien.nagual.st> <437C1B79.3000106@alphaque.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline In-Reply-To: <437C1B79.3000106@alphaque.com> User-Agent: Mutt/1.4.2.1i From: dick hoogendijk Subject: Re: strange msg lines.. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Nov 2005 14:51:23 -0000 On 17 Nov Dinesh Nair wrote: > > On 11/17/05 06:56 dick hoogendijk said the following: > >These are not normal requests to my apache server. But it seems to > >"listen" to them. Am I 'in danger?' > > apparently, the nameservers responsible for those domains are returning > your IP address to a DNS query. all the sites seem to share the same DNS > provider, so you could try getting in touch with them. No way. foto-porno-amatoriale.com ; puttane-grandi-tette.com ; video-porno-anale.com ALL resolve to different IP's when checked with "host foto....com" etc.. I don't understand why all of a sudden all kind of computers try to contact these porno sites and do this on my IP. The dns'es seem to be OK, so this shouldn't happen then..? And because it's a normal http request it can't be blocked? Or can I make the apache module "mod_security" do something like filtering for me? Apart for the logfile to grow there is no danger as I understand, but still, any help would be appreciated. -- dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 6.0 +++ The Power to Serve