[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Proxy Abuse via Apache httpd Exploit?
- Subject: [cobalt-security] Proxy Abuse via Apache httpd Exploit?
- From: John Mehan <jmehan@xxxxxxxxx>
- Date: Tue, 19 Jun 2001 20:50:53 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
I've noticed that my httpd error and access logs show traces that users
are proxying through one of my servers. I have made sure that proxying
is turned off in my httpd.conf file. Here is a sample of what I am
seeing in my access log file for httpd....
ns1.mysite.com 12.21.139.93 - - [19/Jun/2001:23:37:48 -0400] "HEAD
http://www.ideepthroat.com/members/members.html HTTP/1.0" 302 0
"http://www.ideepthroat.com/members/members.html" "Mozilla/4.72 (
compatible; MSIE 5.5; Windows 95; DigiExt )"
I noticed a prior posting titled "proxy abuse/porn-site banner-ad
impression scripts" but no responses were given.
If anyone knows how to stop this proxying from happening I would love
to know how. Has anyone else had this problem? This server is a
Cobalt Raq3 with all the latest patches. I am pretty sure that this
server was hacked some time ago. I just want to figure out how to
limit this proxying so it doesn't happen again.
Any help would be appreciated.
Thanks,
John
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/