LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-10-2004, 11:56 AM   #1
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Rep: Reputation: 15
Angry Strange Apache LOGs...


Hi all,
many of you might already have seen a log like this:
Code:
80.***.4.56 - - [01/Jan/2004:07:22:01 +0100] "connect 195.***.76.123:25 HTTP/1.0" 200 14402 "-"
I believe I know what's the meaning of all this. Unluckly, all the answers I found over the net sound like 'disable mod_proxy'. Well, it was disabled since my very first installation of apache...
Now, assuming I have an efficient firewall script, only ports 80,25 open, and mod_proxy disabled... what else could it be? Is that 200 reliable enough?
Thanks
 
Old 02-10-2004, 12:02 PM   #2
jazernorth
Member
 
Registered: Jan 2004
Location: Green Bay
Distribution: RedHat 8.0, LFS-5.0
Posts: 100

Rep: Reputation: 15
Depends on how your Apache is configured.

Check:
NameVirtualHost
It should be set to *:80, which would force Apache to listen on all IP's and only port 80. If it is * then Apache will listen to all IP's and all ports. Therefore, if someone requests on :25, Apache will probably respond.

JN
 
Old 02-10-2004, 12:08 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Probably spammers looking for open proxies. By default, apache won't allow proxy connections like that attempt. What's going on is Apache will return the default homepage of your site when someone attempts to make a proxy connection through to somewhere else. So it does return a "200" (success), but they get back your homepage instead.
 
Old 02-10-2004, 01:15 PM   #4
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Original Poster
Rep: Reputation: 15
Thanks for the advices!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HELP ! very strange apache logs ! qwijibow Linux - Security 2 09-15-2004 10:24 PM
Strange FTP logs dominant Linux - Security 1 08-24-2004 01:46 AM
apache logs showing strange "SEARCH /\x90\x02\xb1" lines TheOneAndOnlySM Linux - Software 1 06-28-2004 04:39 PM
strange logs NSKL Slackware 2 10-24-2003 05:10 AM
Apache logs - ???Linux logs??? mylo2003 Linux - General 3 08-07-2003 04:49 PM


All times are GMT -5. The time now is 12:19 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration