[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Proxy Abuse via Apache httpd Exploit?

Subject: [cobalt-security] Proxy Abuse via Apache httpd Exploit?
From: John Mehan <jmehan@xxxxxxxxx>
Date: Tue, 19 Jun 2001 20:50:53 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

I've noticed that my httpd error and access logs show traces that users
are proxying through one of my servers.  I have made sure that proxying
is turned off in my httpd.conf file.  Here is a sample of what I am
seeing in my access log file for httpd....

ns1.mysite.com 12.21.139.93 - - [19/Jun/2001:23:37:48 -0400] "HEAD
http://www.ideepthroat.com/members/members.html HTTP/1.0" 302 0
"http://www.ideepthroat.com/members/members.html"; "Mozilla/4.72 (
compatible; MSIE 5.5; Windows 95; DigiExt )"

I noticed a prior posting titled "proxy abuse/porn-site banner-ad
impression scripts" but no responses were given.  

If anyone knows how to stop this proxying from happening I would love
to know how.  Has anyone else had this problem?  This server is a
Cobalt Raq3 with all the latest patches.  I am pretty sure that this
server was hacked some time ago.  I just want to figure out how to
limit this proxying so it doesn't happen again.

Any help would be appreciated.

Thanks,

John




__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

Follow-Ups:
- RE: [cobalt-security] Proxy Abuse via Apache httpd Exploit?
  - From: Mark

Prev by Date: Auto-Reply to: [cobalt-security] Auto-Reply to
Next by Date: [cobalt-security] Auto-Reply to: Auto-Reply to: [cobalt-security
Previous by thread: Auto-Reply to: [cobalt-security] Auto-Reply to
Next by thread: RE: [cobalt-security] Proxy Abuse via Apache httpd Exploit?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index