Re: Apache 1.3.33 strange log entry
From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 28 Feb 2005 22:01:48 GMT
In article <email@example.com>,
stefanPL <firstname.lastname@example.org> wrote:
:I found this strange entry in my Apache log. Can anyone explain it to
:me and tell me whether it is dangerous and how I can secure against it?
:18.104.22.168 - - [28/Feb/2005:22:39:29 +0100] "CONNECT
:news98.idv.tw:25 HTTP/1.0" 200 3853 "-" "-"
:I guess someone is trying to use my computer as a mail server, but I
:don't have a mail server installed.

My interpretation is that someone was trying to use your system as
a proxy to a mail server, possibly to be anonymous but possibly
as a spam relay.

:Maybe there is a Windows XP hole that
:makes it possible to use Win XP as a mail server remotely or sth like

There are a number of proxy servers around that run on port 80
[because port 80 is not often firewalled off.] The person may have been
scanning for such proxies.
-- When your posts are all alone / and a user's on the phone/ there's one place to check -- / Upstream! When you're in a hurry / and propagation is a worry/ there's a place you can post -- / Upstream!
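
Added example, not part of the original post or thread: a Python scan of an Apache access log (common/combined format) for the kind of request quoted above, where the method is CONNECT or the request target is an absolute URI, with each hit marked by whether the server refused it. The function name, sample log lines, client addresses and host names are constructed for illustration.

```python
import re

# Common/combined log format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# An absolute-URI target (scheme://...) is how a client addresses a proxy.
ABSOLUTE_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

# Constructed sample input (documentation addresses and example domains).
SAMPLE_LOG = """\
192.0.2.10 - - [28/Feb/2005:22:39:29 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 200 3853 "-" "-"
192.0.2.10 - - [28/Feb/2005:22:39:31 +0100] "GET http://www.example.org/ HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [28/Feb/2005:22:40:02 +0100] "GET /index.html HTTP/1.1" 200 3853 "-" "Mozilla/4.0"
198.51.100.9 - - [28/Feb/2005:22:41:15 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"
"""

def find_proxy_attempts(lines):
    """Return one dict per logged request that looks like a proxy attempt."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        method, target = m["method"], m["target"]
        if method != "CONNECT" and not ABSOLUTE_RE.match(target):
            continue  # ordinary origin-form request such as GET /index.html
        status = int(m["status"])
        hits.append({
            "client": m["host"],
            "time": m["time"],
            "method": method,
            "target": target,
            "status": status,
            # 2xx: the server did not refuse the request. That calls for a
            # follow-up check of the proxy configuration; it is not by itself
            # proof that traffic was relayed.
            "needs_review": 200 <= status < 300,
        })
    return hits

if __name__ == "__main__":
    for h in find_proxy_attempts(SAMPLE_LOG.splitlines()):
        flag = "REVIEW" if h["needs_review"] else "refused"
        print(f'{flag:8} {h["client"]:15} {h["method"]} {h["target"]} -> {h["status"]}')
```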