httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From herbs <herbert.raim...@gmx.net>
Subject [users@httpd] Evil hacker on my Server?
Date Sat, 07 May 2005 12:37:46 GMT
Hi Admins, Gurus & Geeks,

I am running a small server here in Warsaw just for my education material. Though its all
selfmade I have just little experience with professionell webhosting.

Recently I a found some suspicious lines in my log file:

218.17.72.226 - - [07/May/2005:09:17:03 +0200] "CONNECT 4.79.181.12:25 HTTP/1.1" 405 319
218.17.72.226 - - [07/May/2005:09:17:04 +0200] "GET http://www.ebay.com/ HTTP/1.1" 200 5039

Then there is no further activity from 218.17.72.226 in my logfile.
But similar attempts come from other IPs too.

Error 405 means 'Method not allowed'. But Error 200 means 'OK'. My guess is that bad guys
try to connect through my server and using my IP whats definitely not my desire..

Would make me sleep better if somebody can shed some light on this issue. 
Is there a method to lock out certain IPs? 
I tried /etc/hosts.deny but from outside I can still access Apache. I couldnt find anything
about this issue in my Apache book. 
What am I doing wrong? 

Cheers & best regards
herbs, Warsaw

Slackware 10.0
Linux Kernel 2.4.26
Apache 1.3

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message