LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 07-29-2004, 11:12 PM   #1
paul_m_d
Member
 
Registered: Dec 2003
Location: Canada
Posts: 47

Rep: Reputation: 15
Help me decipher weird Apache activity


Hi, I 'm a Linux newbie and I could use some Apache help here.

I recently discovered that my Apache installation had an open proxy (thank you, Mandrake default setup), and may have been relaying spam.

Anyway, I figured out how to disable mod_proxy in the configuration file, so all should be fine. But the moment I restart httpd, I get a flood of messages in access_log and error_log. The access_log ones are particularly weird, because my machine is receiving about 2 requests per second from who-knows-where. The requests seem to include long, random URLs for a variety of domains.

Most of the entries in access_log take the form GET http://some-url followed by two numbers (error codes?), a second URL (referer string?) and a user-agent ID. Here's an example:

"GET http://c4.maxserving.com/gen.js?bunch-o-crap HTTP/1.0" 404 411 "http://www.wondersky.net/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

Some of the entries start with CONNECT or HEAD instead.

Can someone tell me what's going on here? Why are all these weird requests hitting my machine? What is Apache doing about them? How do I make it stop?
 
Old 07-30-2004, 10:07 AM   #2
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 47
is the "telnet" service enabled?? turn it off if it is.............
/etc/inetd is the file you want to edit...........
 
Old 07-28-2005, 12:52 AM   #3
barnamos
LQ Newbie
 
Registered: Apr 2005
Location: colorado
Distribution: mandriva
Posts: 27

Rep: Reputation: 15
http://www.linuxquestions.org/questi...ght=open+proxy

I also commented this in httpd.conf

<IfDefine APACHEPROXIED>
# Listen 8080
</IfDefine>
<IfDefine !APACHEPROXIED>
# Listen 80
</IfDefine>
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
weird hard drive activity Furlinastis Slackware 4 01-25-2005 08:30 AM
make install ndiswrapper error I can't decipher case1984 Linux - Wireless Networking 1 09-28-2004 06:59 PM
Very strange activity - EXE running as apache?? lucastic Linux - Security 2 09-03-2004 06:01 AM
Can anyone decipher my K3b error message? Trinity22 Linux - Software 3 04-21-2004 10:01 PM
Try to decipher this :) Whitehat General 42 06-29-2003 07:42 PM


All times are GMT -5. The time now is 06:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration