apache allowing POSTs to offsite IP

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	Subject: application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	Subject: X Windows problem (xauth)
•	Subject: Upgrading openoffice 1 1 rpm
•	Subject: FTP: connection refused
•	Subject: FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	Subject: broadcom network interface
•	make mrproper
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	sendmail configuration on redhat
•	kernel 2 6 and /dev/sound/mixer not found
•	Subject: Promise 378 controller
•	Subject: Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	Subject: Lotus Notes under Wine
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	rpm database corrupt
•	Command stream end of file while reading
•	qla2300 modules

apache allowing POSTs to offsite IP

apache allowing POSTs to offsite IP

2003-05-16 - By Kevin Weslowski

Back

Reply: 1 2 3 4 5 6 7 8 9

Hi all,

in my apache access logs, a someone has been POSTing (and succeeding)
through my server, to another IP, but to their port 25...there has been
reports from the ISP of the IP being attacked that WE have been spamming
them, which isn't true since we don't even have sendmail running or port
25 open;

snip:

66.164.26.66 - - [16/May/2003:16:23:28 -0600] "POST
http://142.165.49.56:25/ HTTP/1.1" 200 375
66.164.26.66 - - [16/May/2003:16:23:28 -0600] "QUIT" 403 -
66.164.26.66 - - [16/May/2003:16:27:21 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1008
66.164.26.66 - - [16/May/2003:16:27:39 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1024
66.164.26.66 - - [16/May/2003:16:27:58 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1000
66.164.17.103 - - [16/May/2003:16:29:34 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1016
66.164.17.103 - - [16/May/2003:16:30:07 -0600] "POST
http://142.165.49.6:25/ HTTP/1.1" 200 1016

first, has any one seen these types of "proxy" POSTs? what do they mean?

we've tried denying access to 66.164.* but he's still able to send the
POSTs...probably because they're not directed at my server...so I how do
I stop this "proxy" use of my (apache 1.3.27) server?

any help would be much appreciated...thanks.

Kevin