Re: Apache 1.3.33 strange log entry

From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 02/28/05


Date: 28 Feb 2005 22:01:48 GMT

In article <1109627776.022073.304060@f14g2000cwb.googlegroups.com>,
stefanPL <stefanet@poczta.onet.pl> wrote:
:I found this strange entry in my Apache log, can anyone explain it to
:me and tell me is it dangerous and how can I secure against it?

:61.31.158.236 - - [28/Feb/2005:22:39:29 +0100] "CONNECT
:news98.idv.tw:25 HTTP/1.0" 200 3853 "-" "-"

:I guess someone is trying to use my computer as a mail server, but I
:don't have mail server installed.

My interpretation is that someone was trying to use your system as
a proxy to a mail server, possibly to be anonymous but possibly
as a spam relay.

:Maybe there is a Windows XP hole that
:makes it possible to use Win XP as a mail server remotely or sth like
:that.

There are a number of proxy servers around that run on port 80
[because port 80 is not often firewalled off.] The person may have been
scanning for such proxies.

-- 
When your posts are all alone / and a user's on the phone/
there's one place to check -- / Upstream!
When you're in a hurry / and propagation is a worry/
there's a place you can post -- / Upstream!