httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Folini <christian.fol...@post.ch>
Subject Re: [users@httpd] Security problem in apache with forms?
Date Tue, 30 Oct 2007 13:31:46 GMT
Hey Harold,

On Tue, Oct 30, 2007 at 02:29:18PM +0100, Harald Heggelund wrote:
> Since installing a new slackware server with apache and sendmail
> out-of-the-box, I have noticed my server is sending (moderate amounts of)
> spam worldwide.
> I suspect some webform or cgi-script. In the apache log, I see lots of these
> entries:
> 
> "POST http://87.118.100.88/proxy5/check.php HTTP/1.1" 404 297
> "POST http://82.228.61.77:49627/Chcks/Data_I.php HTTP/1.1" 404 297

If this is your server's log, then it's requests coming in.
The 404 number indicates, that the script in question has
not been found. Somebody tried to post data (POST requests)
to a script on your server, but the server did find the script and 
returned HTTP Status 404 "File not found" back to the client (=spammer?).

It's rather typical to see this in a logfile of a server
connected to the internet. But the fact, that the request contains 
more than the path is a bit unusual for me.

regs,

Christian


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message