httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Koen Vingerhoets" <koen.vingerho...@ubench.com>
Subject RE: [users@httpd] Help: Getting HUGE number of hits from wrong sites
Date Thu, 29 Aug 2002 12:32:53 GMT
Hi,

hackerz use proxies like yours to stay anonymous.
We had the same problem, until i reviewed the firewall.
In 2 days time, it stopped.

Met vriendelijke groet,

Koen Vingerhoets

***** UBench nv *****
http://www.ubench.com
____________________________________________
The information contained in this electronic mail message is privileged and
confidential,
and is intended only for use of the addressee. If you are not the intended
recipient, you
are hereby notified that any disclosure,reproduction, distribution or other
use of this
communication is strictly prohibited.

If you have received this communication in error, please notify the sender
by reply
transmission and delete the message without copying or disclosing it.


-----Original Message-----
From: Craig [mailto:craigm@nsutah.com]
Sent: 29 August 2002 14:29
To: users@httpd.apache.org
Subject: Re: [users@httpd] Help: Getting HUGE number of hits from wrong
sites


Joshua Slive wrote:> On Wed, 28 Aug 2002, Chris Cioffi wrote:
>>
>>I've been monitoring my access logs for the last several days and have
>>noticed that I get a HUGE number (20k+/day) of page requests for domains
>>that have nothing to do with me.
>
> But there is really nothing you can do from Apache to stop these things,
> other than make sure you are not running an open proxy.  If it is really
> eating up your bandwidth, then it should be considered a denial-of-service
> attack and you should ask your ISP and the ISP of the malicious client to
> help you get it stopped.

Really?  I was seeing this same situation earlier this year.  I have
proxying turned on to proxy for some machines inside our net and had
trouble at first getting it configured right.  Either it would proxy for
everybody or nobody.  I finally got it figured out so that it would only
allow proxy requests from internal machines (10.*) and reject all others.

At first, my logs were FULL of fulfilled proxy requests (from external
addresses), then after I made the change, it was full of 403 (rejected)
proxy requests.  Now I have a few proxy requests from the outside, but
not many.

In short, isn't there some sort of "search tool" that finds proxy
servers then uses that accumulated knowledge--kinda like email
scavengers and web searches?  I would be fairly certain that they bounce
these requests off your proxy to provide some sort of "anonymous" service.

Craig.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message