I received this reply from another list.
Going back to the very beginning of your first post - those web
requests you listed as seeing are a bit troublesome. They all seem
to be probes against your web server to verify if you can be used as
an open proxy server. The first two requests are from
mod_security is in the ports collection
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Robert Huff
Sent: Friday, April 07, 2006 3:11 PM
To: [EMAIL PROTECTED] ORG
Subject: Re: web server attack
Frank Laszlo writes:
> >> Does anyone know what th
Frank Laszlo writes:
> >> Does anyone know what this is and what I can do to stop it
> >> besides adding the ip address to my firewall block rules?
> >
> > I suppose that someone is trying to exploit mod_proxy to connect to an
> > SMTP server (that's the "CONNECT 4.79.181.15:25" part), or a
Chuck Swiger wrote:
fbsd_user wrote:
[ ... ]
Does anyone know what this is and what I can do to stop it
besides adding the ip address to my firewall block rules?
I suppose that someone is trying to exploit mod_proxy to connect to an
SMTP server (that's the "CONNECT 4.79.181.15:25" part), or a
fbsd_user wrote:
[ ... ]
Does anyone know what this is and what I can do to stop it
besides adding the ip address to my firewall block rules?
I suppose that someone is trying to exploit mod_proxy to connect to an SMTP
server (that's the "CONNECT 4.79.181.15:25" part), or at least get HTTP
rep
Posted this at 11am and now its 5:30pm and still have not seen this
post return from the list mailer. So posting it again.
In my httpd-access.log I have started receiving a lot of these.
Looks like some kind of attack to me.
This first showed up in my log on April fools day 4/1/06 and
get 4 per h
