I check my logwatch and this jerk tried to access my box using a known hack! How can check to see if my apache proxy settings are turned off or denied all? I think I should be looking into my httpd.conf file. what do I edit in the file? Do I need to worry?

Code:

Connection attempts using mod_proxy: 66.219.100.118 -> mx3.punkass.com:25: 1 Time(s)


thanks in advance

Mod_proxy should be off in Fedora, unless you've specifically enabled it in httpd.conf. Post the corresponding log entries for those proxy attempts from /var/log/httpd/access_log.

The default Apache response is usually to put a "200" status code in the logs which normally means a successfull attempt, however Apache will server *your* default index.html page instead of the content they were try to proxy. The way to tell the difference is by looking at the size of the data transmitted and seeing if it's the same size as your default homepage.

If you are really paranoid (or curious) you can also tinker around using telnet on port 80 and try to transmit the raw html CONNECT method.

yup, it is already turned off by default. you were right. do you know what kind of cracking method is this?

There should likely be more to the malicious URL than that. x90 is the intel opcode for "no operation" or NOP. Putting many of them together into a "NOP Sled" is a trick used by exploit writers to inject exploit code without having to specifically define the exact boundaries where the buffer overflows into the return address. So basically it's used as padding before the actual exploit payload.