Re: [users@httpd] Here's a new one (to me).

Wed, 30 Jul 2008 13:22:36 -0700 

OK, understood,
So does that mean that the original problem (my Apache server connecting to an open relay), is starting AT my server itself? 


i.e. Being sent to my server on port 80 but POSTing to another server on 
port 25?


66.139.69.201 - - [29/Jul/2008:04:01:58 -0400] "POST
http://lti-mail01.ltinetworks.com:25/ HTTP/1.0"
200 1401 "-" "-"
66.139.69.201 - - [29/Jul/2008:04:02:00 -0400] "CONNECT
http://lti-mail01.ltinetworks.com:25 HTTP/1.
0" 400 226 "-" "-"

I am really in need of stopping this!

mod_security didnt seem to help.

-Grant


----- Original Message ----- 
From: "William A. Rowe, Jr." <[EMAIL PROTECTED]>

To: <users@httpd.apache.org>
Sent: Tuesday, July 29, 2008 11:34 PM
Subject: Re: [EMAIL PROTECTED] Here's a new one (to me).



Grant Peel wrote:

index.html = 1401 bytes.

?



Well that's good, you have to understand that without proxy module 
enabled,

these are /local/ requests...


Grant Peel wrote:



On this past Saturday, my server started seeing sporadic spikes in CPU 
usage. As it turns out, somehow, some bot or something somewhere is 
connecting to me server and relaying messages to another server.


Don't freak out...


Log lines:


66.139.69.201 - - [29/Jul/2008:04:01:58 -0400] "GET 
http://www.microsoft.com/ HTTP/1.0" 200 1401 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 
1.1.4322)"


How large is your index.html?



go ahead and (without using DNS) just

telnet {your-ip} 80

GET http://www.microsoft.com/ HTTP/1.0
Host: www.microsoft.com

and see what the server comes back with; it will be your own index.html.

Without proxy; the http://hostname is stripped off, and your server
simply served up /


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to