[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Spaming through Apache?

Subject: Re: [cobalt-security] Spaming through Apache?
From: "lists" <lists@xxxxxxxxxxxxxxxx>
Date: Tue, 24 Feb 2004 07:10:23 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Not showing that in any conf files..Hmmm


----- Original Message ----- 
From: "Jelmer Jellema" <lists@xxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, February 24, 2004 3:56 AM
Subject: RE: [cobalt-security] Spaming through Apache?


> Dear Dave,
>
> It looks like you are running a proxy. I don't know if this is
intentional.
> Through a proxy, a lot of people can do mean things.
>
> Check out http://httpd.apache.org/docs/mod/mod_proxy.html#allowconnect
>
> Do you have a AllowConnect 25 somewhere? Remove it, you should not use it.
>
> If you do not need the proxy, remove it.
>
> I've never used it, so this is a bit of a guess. Thought you could do with
> some random thoughts though,
>
> Good luck,
> Jelmer
>
> -----------------------------------------------------------------
> Jelmer Jellema - Spin in het Web
> http://www.spininhetweb.nl
> Spin in het Web: Alle Touwtjes In Handen
> -----------------------------------------------------------------
>
>
> > -----Oorspronkelijk bericht-----
> > Van: cobalt-security-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] Namens lists
> > Verzonden: maandag 23 februari 2004 14:04
> > Aan: cobalt-security@xxxxxxxxxxxxxxx
> > Onderwerp: [cobalt-security] Spaming through Apache?
> >
> >
> > Over the past month or so Ive seen many logs like this in my
> > access logs:
> >
> > removed.hostname proxyscan2.isomedia.com - -
> > [23/Feb/2004:07:23:05 -0500]
> > "CONNECT 66.114.137.17:25 HTTP/1.0" 302 217 "-" "-"
> > removed.hostname proxyscan2.isomedia.com - -
> > [23/Feb/2004:07:23:06 -0500]
> > "POST http://66.114.137.17:25/ HTTP/1.0" 302 217 "-" "$
> >
> > Now I just checked my servers ip, and its has been
> > blacklisted because of
> > spammers using it..  Now I know every customer of mine, and I
> > checked them
> > out and no one has any mails scripts like that installed so..
> > This only
> > happens when I see those logs in my apache logs..
> >
> > Any ideas where to go to look for a fix for this problem?? At first I
> > thought nothing of it because it looks like many of the
> > emails end back up
> > bounced in my admin mbox, but I guess a shitload gets through..
> >
> > Any ideas would help!!
> >
> > Thanks
> > Dave
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

References:
- RE: [cobalt-security] Spaming through Apache?
  - From: Jelmer Jellema

Prev by Date: {Scanned} RE: {Scanned} RE: [cobalt-security] Spaming through Apache?
Next by Date: [cobalt-security] pperld running?
Previous by thread: {Scanned} RE: {Scanned} RE: [cobalt-security] Spaming through Apache?
Next by thread: RE: [cobalt-security] Defunct

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index