fbsd_user wrote:
[ ... ]
Does anyone know what this is and what I can do to stop it
besides adding the ip address to my firewall block rules?

I suppose that someone is trying to exploit mod_proxy to connect to an SMTP server (that's the "CONNECT 4.79.181.15:25" part), or at least get HTTP replies back.

Make sure you don't have mod_proxy enabled in Apache....

218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:25 -0400] "\x04\x01" 200 0 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "\x05\x01" 200 0 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "CONNECT 4.79.181.15:25 HTTP/1.1" 200 7014 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:46 -0400] "GET http://www.ebay.com/ HTTP/1.1" 200 7014 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"

--
-Chuck
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
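
An added example, not part of the original message: a Python scan of Apache combined-format access log lines for the four request shapes in the excerpt above (SOCKS4 and SOCKS5 handshake bytes, CONNECT to port 25, and a GET with an absolute URL), grouped by client. The function names and labels are assumptions of this example, and the 192.0.2.10 line is constructed.

```python
import re
from collections import defaultdict

# Apache combined log: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) (\S+) ')

def classify(request):
    """Return a probe label for an Apache-escaped request line, or None."""
    if request.startswith(r"\x04\x01"):
        return "socks4-connect"       # SOCKS4: version 4, command 1 (CONNECT)
    if request.startswith(r"\x05\x01"):
        return "socks5-greeting"      # SOCKS5: version 5, one auth method offered
    m = re.match(r"CONNECT \S+:(\d+) HTTP/", request)
    if m:                             # port 25 means an SMTP relay attempt
        return "http-connect-smtp" if m.group(1) == "25" else "http-connect"
    if re.match(r"[A-Z]+ https?://", request, re.I):
        return "absolute-uri"         # forward-proxy style request
    return None

def find_probes(lines):
    """Map each client host to its list of (time, label, status) probe hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        host, when, request, status, _size = m.groups()
        label = classify(request)
        if label:
            hits[host].append((when, label, int(status)))
    return dict(hits)

# First four lines are from the excerpt above; the last is a constructed benign hit.
H = "218-166-163-180.dynamic.hinet.net"
SAMPLE = [
    H + r' - - [06/Apr/2006:10:11:25 -0400] "\x04\x01" 200 0 "-" "-"',
    H + r' - - [06/Apr/2006:10:11:45 -0400] "\x05\x01" 200 0 "-" "-"',
    H + ' - - [06/Apr/2006:10:11:45 -0400] "CONNECT 4.79.181.15:25 HTTP/1.1" 200 7014 "-" "-"',
    H + ' - - [06/Apr/2006:10:11:46 -0400] "GET http://www.ebay.com/ HTTP/1.1" 200 7014 '
        '"-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"',
    '192.0.2.10 - - [06/Apr/2006:10:12:01 -0400] "GET /index.html HTTP/1.1" 200 7014 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, probes in find_probes(SAMPLE).items():
        for when, label, status in probes:
            print(host, when, label, status)
```
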