httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike <mike.li...@levrah.net>
Subject RE: [users@httpd] Concern about log entry
Date Sat, 23 Aug 2003 21:42:09 GMT
At 04:23 PM 8/23/2003, you wrote:
>Cheers for that.
>
>I do not have proxy turned on.
>
>Just curious how does one go about probing my box to see if its turned
>on? I guess what they are looking for is a box to hide their traces
>through, right. I find this a bit annoying and really wish to get back
>at these people, as they have no idea what kind of damage they can
>cause, some of us are running a business of these boxes...
>How to stop them, if possible?

The best way to stop them is to use one or more firewall rules, such as 
iptables. Thus my question (in the P.S. of my other reply) about using 
iptables to reject (preferrably just drop) the probe attempts. If anyone 
has such a rule (or rules), I'm still interested in adding them to my other 
rules.

On a side note... Without exception (sit and think about it), it is not 
advisable to retaliate (or "get back" at them). You don't want any of the 
potential legal ramifications of retaliatory acts. But even if you were to 
do such a thing, based on the sheer numbers of people (likely using 
automated programs to do it anyway), you might find any such retaliation as 
being a full-time job by itself. As a business person, you've got much 
better things to do. Just a heads-up...

-mike


>-----Original Message-----
>From: Mike [mailto:mike.lists@levrah.net]
>Sent: Saturday, 23 August 2003 10:21 PM
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] Concern about log entry
>
>
>At 06:54 AM 8/23/2003, you wrote:
> >I have some concern about the following log entry in my apache log
> >file.
> >Would an entry like the one below only be logged if I actually had a
>link
> >on my site (that's what I thought)?
> >
> >218.90.30.157 - - [23/Aug/2003:19:15:43 +1000] "GET
> ><http://hpcgi1.nifty.com/trino/ProxyJ/prxjdg.cgi>http://hpcgi1.nifty.co
>m/trino/ProxyJ/prxjdg.cgi
> >HTTP/1.1" 404 303
> >
> >The concern is because I have no such link on my site, I am also not
> >hosting the nifty.com site.
> >
> >Can anyone shed any light on this?
> >
> >Cheers
>
>Someone is just probing your box to see if it is allowing for proxying.
>
>If you have access to your box, login and grep your conf file for proxy
>to
>see if you have proxy turned on. If you do, turn it off unless you mean
>for
>it to be on.
>
>If you don't know where your httpd.conf file is, do this:
>
>locate httpd.conf
>
>If that doesn't find it, update your locate database with this (be
>patient
>and let it finish):
>
>locate -u
>
>(then do the locate httpd.conf command above)
>
>Then using the location of your httpd.conf file, check to see if (and if
>so
>where) proxy might be turned on (or off):
>
>grep proxy /path/to/httpd.conf
>
>(using your /path/to/ the httpd.conf file of course)
>
>If you find that you have proxy turned on, someone else here will have
>to
>say how to turn it off. In mine, I don't even have the proxy related
>modules loaded, and I don't have the proxy statement line to turn it on
>or
>off. Presumably (and someone tell me if I'm wrong) this means our box is
>
>not fulfilling proxy requests.
>
>Hope the info helps.
>-mike
>
>P.S. On a related note, does anyone know if these sorts of probing
>attempts
>can be killed (dropped or rejected) using iptables in some way? If so,
>I'm
>interested in learning how.
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server
>Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message