httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] CONNECT in my access_log
Date Thu, 06 Oct 2005 02:01:41 GMT
On 10/5/05, Edhi Nugroho <edhinug@unisbank.ac.id> wrote:
> Hi,
> I found this in apache's access_log :
>
> 219.134.31.58 - - [05/Oct/2005:19:02:35 +0700] "CONNECT
> smtp.mail.yahoo.com.cn:25 HTTP/1.0" 302 5719 "-" "-"
> 219.133.247.2 - - [05/Oct/2005:19:04:15 +0700] "CONNECT ms94.url.com.tw:25
> HTTP/1.0" 302 5719 "-" "-"
> 219.134.73.202 - - [05/Oct/2005:19:07:58 +0700] "CONNECT cm1.hinet.net:25
> HTTP/1.0" 302 5719 "-" "-"
> 219.133.175.13 - - [05/Oct/2005:19:09:03 +0700] "CONNECT
> smtp.mail.yahoo.com:25 HTTP/1.0" 302 5719 "-" "-"
>
> What that's mean? Did my server hit by worm / virus? How can I reject this
> command? Should I put LIMIT in my apache conf. I use apache 2.0 in Mandriva
> LE 2005.

It is someone trying to use your server to send spam.  Judging by the
status code (302), it is not working.  But you should double-check
that ProxyRequests is off.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message