Help me decipher weird Apache activity
Hi, I 'm a Linux newbie and I could use some Apache help here.
I recently discovered that my Apache installation had an open proxy (thank you, Mandrake default setup), and may have been relaying spam. Anyway, I figured out how to disable mod_proxy in the configuration file, so all should be fine. But the moment I restart httpd, I get a flood of messages in access_log and error_log. The access_log ones are particularly weird, because my machine is receiving about 2 requests per second from who-knows-where. The requests seem to include long, random URLs for a variety of domains. Most of the entries in access_log take the form GET http://some-url followed by two numbers (error codes?), a second URL (referer string?) and a user-agent ID. Here's an example: "GET http://c4.maxserving.com/gen.js?bunch-o-crap HTTP/1.0" 404 411 "http://www.wondersky.net/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" Some of the entries start with CONNECT or HEAD instead. Can someone tell me what's going on here? Why are all these weird requests hitting my machine? What is Apache doing about them? How do I make it stop? |
is the "telnet" service enabled?? turn it off if it is.............
/etc/inetd is the file you want to edit........... |
http://www.linuxquestions.org/questi...ght=open+proxy
I also commented this in httpd.conf <IfDefine APACHEPROXIED> # Listen 8080 </IfDefine> <IfDefine !APACHEPROXIED> # Listen 80 </IfDefine> |
All times are GMT -5. The time now is 02:59 PM. |