Re: Using http as mail spam engine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ashley M. Kirchner wrote:

   I noticed these entries in my apache log today:

60.250.66.175 - - [01/Nov/2007:04:41:01 -0600] "CONNECT 218.32.192.11:25 HTTP/1.0" 200 12439 "-" "-" 60.250.66.175 - - [01/Nov/2007:04:41:04 -0600] "CONNECT 61.31.198.50:25 HTTP/1.0" 200 12439 "-" "-" 60.250.66.175 - - [01/Nov/2007:04:43:28 -0600] "CONNECT 60.249.125.71:25 HTTP/1.0" 200 12439 "-" "-" 159.148.97.91 - - [02/Nov/2007:22:01:40 -0600] "CONNECT 195.175.37.70:8080 HTTP/1.0" 200 14301 "-" "-" 159.148.97.91 - - [02/Nov/2007:22:01:41 -0600] "CONNECT 159.148.96.222:80 HTTP/1.0" 200 14301 "-" "-"

And while the first two are specifically targeting port 25, the other two aren't But more importantly, how is this being done, and how do I stop it? Did I forgot to disable something within Apache somewhere?


I don't like those "200" responses you're giving out.
I suggest you have a close look at your limit (and limitexcept) clauses, and read the relevant docs at www.apache.org.

I don't know how to do CONNECT connexions except for https, but I gather it's a generic tunneling mechanism, and for sure I don't know everything, esp about this, but I'd be every bit as suspicious about that as you are.



--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

Please do not reply off-list


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux