[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Proxy Abuse via Apache httpd Exploit?
- Subject: RE: [cobalt-security] Proxy Abuse via Apache httpd Exploit?
- From: "Mark" <mark@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 20 Jun 2001 22:29:30 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi John
I am writing out of sympathy rather than advice. I asked the same question a few months ago and got a few reasonable sounding suggestions. None worked. Neither did the ones I dreamt up. In the end I gave up, and am resigned to the fact that happens - I don't like it, but can't seem to stop it.
Regards
Mark
>
> I've noticed that my httpd error and access logs show traces that users
> are proxying through one of my servers. I have made sure that proxying
> is turned off in my httpd.conf file. Here is a sample of what I am
> seeing in my access log file for httpd....
>
> ns1.mysite.com 12.21.139.93 - - [19/Jun/2001:23:37:48 -0400] "HEAD
> http://www.ideepthroat.com/members/members.html HTTP/1.0" 302 0
> "http://www.ideepthroat.com/members/members.html" "Mozilla/4.72 (
> compatible; MSIE 5.5; Windows 95; DigiExt )"
>
> I noticed a prior posting titled "proxy abuse/porn-site banner-ad
> impression scripts" but no responses were given.
>
> If anyone knows how to stop this proxying from happening I would love
> to know how. Has anyone else had this problem? This server is a
> Cobalt Raq3 with all the latest patches. I am pretty sure that this
> server was hacked some time ago. I just want to figure out how to
> limit this proxying so it doesn't happen again.
>
> Any help would be appreciated.
>
> Thanks,
>
> John