httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James -, Inc." <>
Subject RE: [users@httpd] Strange, Disconcerting Access Log Entries
Date Sun, 03 Nov 2002 21:41:32 GMT
>    This specification reserves the method name CONNECT
> for use with a proxy that can dynamically switch to being a
> (e.g. SSL tunneling [44]).
> My guess is, that somebody is abusing your Apache
> server to forward/tunnel connections to a SMTP-server.

My guess was that they were using Apache as some kind of proxy to
find open SMTP ports, but I had never heard of such a

> This is probably to send SPAM.

Just for everyone's comfort, I did block the connecting IP block
from Apache and other server services.

> If you have been hacked or not is a good question.

All of the content on the site is intact and as expected.  The
server load is not high at all, and there doesn't appear to be
anything "extra" running.  Further, again, the server messages
log indicates that everything is quiet.  I've also had Verio
technicians, the VPS vendor, take a look and although they didn't
seem to know what's up with the log entries, I was assured that
nothing was hacked.

> But since you son't seem to really know what CONNECT
> is/means, it could also be that your server is not
> properly configured.

You are so right.  If you don't know everything there is to know
about Apache, your server could be misconfigured.

> Keep us informed! Never seen such a case/report, but
> also never figured that a spammer could abuse Apache
> like this.

I guess I'm not alone.  I appreciate the assistance.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message