httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michel Bulgado <mic...@casa.co.cu>
Subject [users@httpd] Connection attempts - mod_proxy
Date Tue, 29 Jun 2010 20:52:12 GMT
Hello list

Using CentOS 5.4 version of apache httpd-2.2.3-31.el5. I have several 
virtualhost and one of the virtualhost, use mod_proxy to serve a web 
site I have running on Windows 2003, this server is not available 
online, it is an internal server.

Reviewing the messages I found Logwatch who have tried to use my server 
through the same mod_proxy to connect to other servers or sites.

Connection attempts using mod_proxy:

    95.25.10.121 -> 205.188.251.11:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.16:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.21:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.26:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.31:443: 1 Time(s)
    95.25.10.121 -> 205.188.251.36:443: 1 Time(s)
    95.25.10.121 -> 64.12.202.116:443: 1 Time(s)
    95.25.10.121 -> 64.12.202.43:443: 1 Time(s)
    95.25.10.121 -> 64.12.202.50:443: 1 Time(s)
    95.25.45.157 -> 205.188.251.11:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.16:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.1:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.21:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.26:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.31:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.36:443: 2 Time(s)
    95.25.45.157 -> 205.188.251.6:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.116:443: 3 Time(s)
    95.25.45.157 -> 64.12.202.15:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.1:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.22:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.29:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.36:443: 2 Time(s)
    95.25.45.157 -> 64.12.202.43:443: 3 Time(s)
    95.25.45.157 -> 64.12.202.50:443: 3 Time(s)
    95.25.45.157 -> 64.12.202.8:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.11:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.16:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.1:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.21:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.26:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.31:443: 2 Time(s)
    95.26.235.217 -> 205.188.251.36:443: 1 Time(s)
    95.26.235.217 -> 205.188.251.6:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.116:443: 1 Time(s)
    95.26.235.217 -> 64.12.202.15:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.1:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.22:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.29:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.36:443: 2 Time(s)
    95.26.235.217 -> 64.12.202.43:443: 1 Time(s)
    95.26.235.217 -> 64.12.202.50:443: 1 Time(s)
    95.26.235.217 -> 64.12.202.8:443: 2 Time(s)


the question is, should I be alarmed, because I fail to interpret if 
they could use mod_proxy to connect to these sites?

There a tool that runs under Linux that allows audit any activity or 
attempted attack on my apache server?

Thanks & Regards

Mime
View raw message