httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James - TheyWill.com, Inc." <ja...@theywill.com>
Subject RE: [users@httpd] Strange, Disconcerting Access Log Entries
Date Mon, 04 Nov 2002 12:04:28 GMT
> somebody ran a portscanner and found your stmp port open&free.
> though it is hard to tell that they just *found* it through
> a portscanner program, or found it and sent some spam.
> they probably did something like this:
> telnet yourserver.com 25
> mail from hacker
> [your server could deny here or not]
> mail to victim
> mean message
> ..
> quit


Hi Carrie:

I do appreciate your feedback, but no that's not right.   First,
the SMTP port is not open.  You must authenticate.  Second,
anytime you telnet it is logged in the server's messages log.
Anytime you use the mail command or sendmail, it would be logged
in the messages log.

There were thousands of entries in the Apache log, meaning
someone communicated with the server via Apache.  There were no
entries in the messages log, which indicates that Apache acted
without the help of sendmail, SMTP, mail, etc...

Further, the IPs that were connected to via port 25, were not on
the server.

Thanks again,
James



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message