[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Spaming through Apache?

Subject: [cobalt-security] Spaming through Apache?
From: "lists" <lists@xxxxxxxxxxxxxxxx>
Date: Mon, 23 Feb 2004 08:03:59 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Over the past month or so Ive seen many logs like this in my access logs:

removed.hostname proxyscan2.isomedia.com - - [23/Feb/2004:07:23:05 -0500]
"CONNECT 66.114.137.17:25 HTTP/1.0" 302 217 "-" "-"
removed.hostname proxyscan2.isomedia.com - - [23/Feb/2004:07:23:06 -0500]
"POST http://66.114.137.17:25/ HTTP/1.0" 302 217 "-" "$

Now I just checked my servers ip, and its has been blacklisted because of
spammers using it..  Now I know every customer of mine, and I checked them
out and no one has any mails scripts like that installed so.. This only
happens when I see those logs in my apache logs..

Any ideas where to go to look for a fix for this problem?? At first I
thought nothing of it because it looks like many of the emails end back up
bounced in my admin mbox, but I guess a shitload gets through..

Any ideas would help!!

Thanks
Dave

Follow-Ups:
- RE: [cobalt-security] Spaming through Apache?
  - From: Jelmer Jellema

References:
- RE: [cobalt-security] Defunct
  - From: Wai Chong, Wong

Prev by Date: RE: [cobalt-security] Defunct
Next by Date: RE: [cobalt-security] Defunct
Previous by thread: RE: [cobalt-security] Defunct
Next by thread: RE: [cobalt-security] Spaming through Apache?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index