[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Spaming through Apache?
- Subject: [cobalt-security] Spaming through Apache?
- From: "lists" <lists@xxxxxxxxxxxxxxxx>
- Date: Mon, 23 Feb 2004 08:03:59 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Over the past month or so Ive seen many logs like this in my access logs:
removed.hostname proxyscan2.isomedia.com - - [23/Feb/2004:07:23:05 -0500]
"CONNECT 66.114.137.17:25 HTTP/1.0" 302 217 "-" "-"
removed.hostname proxyscan2.isomedia.com - - [23/Feb/2004:07:23:06 -0500]
"POST http://66.114.137.17:25/ HTTP/1.0" 302 217 "-" "$
Now I just checked my servers ip, and its has been blacklisted because of
spammers using it.. Now I know every customer of mine, and I checked them
out and no one has any mails scripts like that installed so.. This only
happens when I see those logs in my apache logs..
Any ideas where to go to look for a fix for this problem?? At first I
thought nothing of it because it looks like many of the emails end back up
bounced in my admin mbox, but I guess a shitload gets through..
Any ideas would help!!
Thanks
Dave