From owner-freebsd-questions@FreeBSD.ORG Fri Apr 7 19:20:51 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 406B716A402 for ; Fri, 7 Apr 2006 19:20:51 +0000 (UTC) (envelope-from fbsd_user@a1poweruser.com) Received: from mta11.adelphia.net (mta11.adelphia.net [68.168.78.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id D06ED43D46 for ; Fri, 7 Apr 2006 19:20:50 +0000 (GMT) (envelope-from fbsd_user@a1poweruser.com) Received: from barbish ([70.39.69.56]) by mta11.adelphia.net (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with SMTP id <20060407192050.VJIT12719.mta11.adelphia.net@barbish>; Fri, 7 Apr 2006 15:20:50 -0400 From: "fbsd_user" To: "Robert Huff" , "freebsd-questions@FreeBSD. ORG" Date: Fri, 7 Apr 2006 15:20:44 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <17462.47412.848744.740663@jerusalem.litteratus.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478 Importance: Normal Cc: Subject: RE: web server attack X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: fbsd_user@a1poweruser.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Apr 2006 19:20:51 -0000 mod_security is in the ports collection -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Robert Huff Sent: Friday, April 07, 2006 3:11 PM To: freebsd-questions@FreeBSD. ORG Subject: Re: web server attack Frank Laszlo writes: > >> Does anyone know what this is and what I can do to stop it > >> besides adding the ip address to my firewall block rules? > > > > I suppose that someone is trying to exploit mod_proxy to connect to an > > SMTP server (that's the "CONNECT 4.79.181.15:25" part), or at least > > get HTTP replies back. > > Setup mod_security to block that type of request. Any chance you > can capture some packets and send a link? I'd like to take a look > at it. Running apache-2.2, I don't seem to have _security among the modules. Do I need to change my config (and rebuild), or does it perhaps go by another name in this version? Robert Huff _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"