httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "szymanski_j" <szymansk...@yahoo.com>
Subject Re: Spam Using SMTP "Over" HTTP-Proxy
Date Thu, 28 Aug 2003 08:17:31 GMT
Problem can come from your module to be linked with external shared 
libraries.

Look at:
http://www.megalith.co.uk/manual/dso.html

hope it helps,
cheers,
--jakub

--- In new-httpd@yahoogroups.com, Cliff Woolley <jwoolley@v...> wrote:
> On Thu, 28 Aug 2003, Eli Marmor wrote:
> 
> > According to research companies, most of the current spamming is 
done
> > using HTTP proxies. Spammers assistant scripts scan the net 24 
hours a
> > day, looking for open proxies, and then use them to spread the 
spam.
> 
> Correct.  And people continue to submit this to security@a... as a
> bug on a fairly regular basis, even though it is due to a 
misconfiguration
> on their part.
> 
> All you have to do is configure mod_proxy correctly, which lots of 
sites
> do not.  In particular, setting "ProxyRequests on" without proper 
access
> controls will create the kind of bad situation that leads to this 
problem.
> Most of the time what has happened is that the site admin really 
only
> wanted to provide a REVERSE proxy (as with ProxyPass), not a 
forward one.
> "ProxyRequests on" is not required for ProxyPass to work.
> 
> Someone suggested adding a directive to control which ports the 
proxy will
> connect to (note there's already a directive that controls this for
> CONNECT requests), but since open HTTP proxies are bad for the 
internet in
> general (in the anonymous-HTTP-to-third-parties sense as well as the
> backdoor-to-your-SMTP-server sense), it didn't seem worth it to 
block
> _some_ of the bad behavior when fixed configurations would easily 
block
> ALL of it -- using already existing directives.
> 
> We've been attempting to conduct a bit of user education by way of
> improved documentation, removed default configurations, and a few 
posts to
> bugtraq, but obviously people still have wide open HTTP proxies due 
to
> old, broken configurations, and will probably continue to do for 
some time
> to come.  :(
> 
> --Cliff


Mime
View raw message