[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Spaming through Apache?
- Subject: RE: [cobalt-security] Spaming through Apache?
- From: "Jelmer Jellema" <lists@xxxxxxxxxxxxxxx>
- Date: Tue, 24 Feb 2004 09:56:17 +0100
- Organization: Spin in het Web www.spininhetweb.nl
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Dear Dave,
It looks like you are running a proxy. I don't know if this is intentional.
Through a proxy, a lot of people can do mean things.
Check out http://httpd.apache.org/docs/mod/mod_proxy.html#allowconnect
Do you have a AllowConnect 25 somewhere? Remove it, you should not use it.
If you do not need the proxy, remove it.
I've never used it, so this is a bit of a guess. Thought you could do with
some random thoughts though,
Good luck,
Jelmer
-----------------------------------------------------------------
Jelmer Jellema - Spin in het Web
http://www.spininhetweb.nl
Spin in het Web: Alle Touwtjes In Handen
-----------------------------------------------------------------
> -----Oorspronkelijk bericht-----
> Van: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] Namens lists
> Verzonden: maandag 23 februari 2004 14:04
> Aan: cobalt-security@xxxxxxxxxxxxxxx
> Onderwerp: [cobalt-security] Spaming through Apache?
>
>
> Over the past month or so Ive seen many logs like this in my
> access logs:
>
> removed.hostname proxyscan2.isomedia.com - -
> [23/Feb/2004:07:23:05 -0500]
> "CONNECT 66.114.137.17:25 HTTP/1.0" 302 217 "-" "-"
> removed.hostname proxyscan2.isomedia.com - -
> [23/Feb/2004:07:23:06 -0500]
> "POST http://66.114.137.17:25/ HTTP/1.0" 302 217 "-" "$
>
> Now I just checked my servers ip, and its has been
> blacklisted because of
> spammers using it.. Now I know every customer of mine, and I
> checked them
> out and no one has any mails scripts like that installed so..
> This only
> happens when I see those logs in my apache logs..
>
> Any ideas where to go to look for a fix for this problem?? At first I
> thought nothing of it because it looks like many of the
> emails end back up
> bounced in my admin mbox, but I guess a shitload gets through..
>
> Any ideas would help!!
>
> Thanks
> Dave
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>