Re: Apache 1.3.33 strange log entry

From: Walter Roberson (
Date: 02/28/05

Date: 28 Feb 2005 22:01:48 GMT

In article <>,
stefanPL <> wrote:
:I found this strange entry in my Apache log, can anyone explain it to
:me and tell me is it dangerous and how can I secure against it?

: - - [28/Feb/2005:22:39:29 +0100] "CONNECT HTTP/1.0" 200 3853 "-" "-"

:I guess someone is trying to use my computer as a mail server, but I
:don't have mail server installed.

My interpretation is that someone was trying to use your system as
a proxy to a mail server, possibly to be anonymous but possibly
as a spam relay.

:Maybe there is a Windows XP hole that
:makes it possible to use Win XP as a mail server remotely or sth like

There are a number of proxy servers around that run on port 80
[because port 80 is not often firewalled off.] The person may have been
scanning for such proxies.

When your posts are all alone / and a user's on the phone/
there's one place to check -- / Upstream!
When you're in a hurry / and propagation is a worry/
there's a place you can post -- / Upstream!