On Mon, Dec 30, 2002 at 02:20:25PM -0500, Stephen Gran wrote: > Hello all, > > I'm seeing the following in my logs (fairly frequently): > > 66.140.25.156 - - [30/Dec/2002:13:31:21 -0500] "CONNECT 213.92.8.4:6667 > HTTP/1.0" 405 303 "-" "-" > 66.140.25.156 - - [30/Dec/2002:13:31:21 -0500] "POST http://213.92.8.4:6667/ > HTTP/1.0" 405 300 "-" "-" > > (Sorry about the bad wrap) > > What I think this means is that somebody's trying to relay through my > Apache-running server, but is getting 405'd (not available? denied? not > sure), but I wanted to check, because I'm still fairly new to Apache. > > Is this the case, or am I accidentally running a relaying server?
66.140.25.156 is trying to proxy through your server in order to use IRC. Your server is rejecting the attempt. (405 means 'method not allowed'.) A bit of digging shows some interesting information: 66.140.25.156 resolves to stephenson.freenode.net, which resolves to the same IP. Some poking around http://freenode.net/ indicates it's an IRC network. http://freenode.net/irc_servers.shtml lists a bunch of IRC servers, one of which is calvino.freenode.net. 213.92.8.4, the IP 66.140.25.156 was trying to proxy through you to, resolves to calvino.freenode.net which resolves back to the same IP. http://freenode.net/policy.shtml indicates that they automatically check machines that connect to their network to see if they're running open proxies. You aren't, perchance, IRCing from the machine you're seeing these log entries on? It might be an automated test to keep people from connecting through open proxies. -- William Aoki [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign B1FB C169 C7A6 238B 280B <- key change \ / No HTML in mail or news! 99AF A093 29AE 0AE1 9734 prev. expired X / \
