[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Spaming through Apache?

Subject: RE: [cobalt-security] Spaming through Apache?
From: "Jelmer Jellema" <lists@xxxxxxxxxxxxxxx>
Date: Tue, 24 Feb 2004 09:56:17 +0100
Organization: Spin in het Web www.spininhetweb.nl
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Dear Dave,

It looks like you are running a proxy. I don't know if this is intentional.
Through a proxy, a lot of people can do mean things.

Check out http://httpd.apache.org/docs/mod/mod_proxy.html#allowconnect

Do you have a AllowConnect 25 somewhere? Remove it, you should not use it.

If you do not need the proxy, remove it.

I've never used it, so this is a bit of a guess. Thought you could do with
some random thoughts though,

Good luck,
Jelmer

-----------------------------------------------------------------
Jelmer Jellema - Spin in het Web
http://www.spininhetweb.nl
Spin in het Web: Alle Touwtjes In Handen
-----------------------------------------------------------------


> -----Oorspronkelijk bericht-----
> Van: cobalt-security-admin@xxxxxxxxxxxxxxx 
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] Namens lists
> Verzonden: maandag 23 februari 2004 14:04
> Aan: cobalt-security@xxxxxxxxxxxxxxx
> Onderwerp: [cobalt-security] Spaming through Apache?
> 
> 
> Over the past month or so Ive seen many logs like this in my 
> access logs:
> 
> removed.hostname proxyscan2.isomedia.com - - 
> [23/Feb/2004:07:23:05 -0500]
> "CONNECT 66.114.137.17:25 HTTP/1.0" 302 217 "-" "-"
> removed.hostname proxyscan2.isomedia.com - - 
> [23/Feb/2004:07:23:06 -0500]
> "POST http://66.114.137.17:25/ HTTP/1.0" 302 217 "-" "$
> 
> Now I just checked my servers ip, and its has been 
> blacklisted because of
> spammers using it..  Now I know every customer of mine, and I 
> checked them
> out and no one has any mails scripts like that installed so.. 
> This only
> happens when I see those logs in my apache logs..
> 
> Any ideas where to go to look for a fix for this problem?? At first I
> thought nothing of it because it looks like many of the 
> emails end back up
> bounced in my admin mbox, but I guess a shitload gets through..
> 
> Any ideas would help!!
> 
> Thanks
> Dave
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

Follow-Ups:
- {Scanned} RE: {Scanned} RE: [cobalt-security] Spaming through Apache?
  - From: Gavin Nelmes-Crocker
- Re: [cobalt-security] Spaming through Apache?
  - From: lists

References:
- [cobalt-security] Spaming through Apache?
  - From: lists

Prev by Date: [cobalt-security] SSL renewal: Will generating a new CSR screw up current operations?
Next by Date: {Scanned} RE: {Scanned} RE: [cobalt-security] Spaming through Apache?
Previous by thread: [cobalt-security] Spaming through Apache?
Next by thread: {Scanned} RE: {Scanned} RE: [cobalt-security] Spaming through Apache?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index