some kind of open relay ?

Discussions around the use of Apache on VMS

#1 Post by chris_sharman »

Got the following in my log:
211.55.209.131 - - [29/Apr/2005:16:37:57 +0100] "GET http://umsky.com/sproxy.php HTTP/1.0" 404 328
220.170.88.36 - - [01/May/2005:03:26:44 +0100] "GET http://www.yahoo.com/ HTTP/1.1" 200 1456
195.154.246.201 - - [01/May/2005:13:38:08 +0100] "GET / HTTP/1.0" 200 1456
82.53.153.215 - - [05/May/2005:15:18:34 +0100] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 363
61.159.46.68 - - [07/May/2005:00:30:46 +0100] "GET http://www.online.sh.cn/ HTTP/1.1" 200 1456

This is an external-facing, but unused, unpublished, Apache server on a non-default port. When I try to construct a URL like that from a browser, I get a leading '/' in the log, and a 404 error, as expected.
I'm concerned at the apparently successful relays to yahoo etc.
Anyone know what they are, whether they're dangerous, how to stop them?

WillemGrooters
VMS Guru
Posts: 59
Joined: Wed Jul 20, 2005 10:17 am
Location: Netherlands

scanned port?

#2 Post by WillemGrooters »

Unpublished doesn't mean "invisible". Nor does "non-standard". The requester may have scanned your address for open ports and found this one leading to a web server; or it is an attempt to use it as a proxy server. Best you shut down the port on your firewall; it won't do any harm unless you need outside access to it.
Have you enabled proxies, BTW? I wouldn't do that, or allow access only from your inside network.

Alphaman
$ HELP
Posts: 17
Joined: Tue Feb 01, 2005 1:14 pm
Location: Huntsville, AL USA

#3 Post by Alphaman »

Yeah, I had the same problem, too. I've got a PeeCee DVR behind my firewall that I need to access to access the TV schedule and program it remotely. I added a proxy to get access to it remotely -- and it didn't take long for the lamers to start hitting it and using my host to hide their nefarious deeds. I found out a bit about the loser companies that sell their proxy clients to people, then leech off open proxy servers...

I wanted my VMS box to act as the primary interface to the world, while still providing access to my PeeCee. And protecting my entire network. Who wouldn't hide a PeeCee behind a VMS host? Ok, don't answer that...

Anyhow, if you need a proxy server, you can restrict it so that it can only access the system you want it to hit. Add something like the following to the pertinent section of your httpd.conf:
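<IfModule mod_proxy.c>
    # Disable forward proxying; only the ProxyPass mapping below is served
    ProxyRequests Off

    # Reverse-proxy /sage/ to the one internal host
    ProxyPass /sage/ http://peecee:8080/sage/
    ProxyPassReverse /sage/ http://peecee:8080/sage/
    # Remove Via: header lines from proxied requests
    ProxyVia Block
</IfModule>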
It does a pretty effective job of blocking them -- it's taken a long, long time for me to get off the list of the Proxy Peddlers. I still get an occasional hit, but they always get a 404 back in their face!
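
Added example, not part of any post in this thread: a log triage script that flags proxy-style requests (absolute-URI targets and CONNECT) and separates refused attempts from ones that need review. It assumes Apache common log format and uses the heuristic that a 200 whose byte count equals the server's own 200 response for the same path (here 1456 bytes for both "GET /" and the yahoo.com request) was answered from the local document tree, not relayed; the verdict names are made up for this example.

```python
import re
from urllib.parse import urlsplit

# Apache common log format: host ident user [time] "request" status bytes
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\d+|-)$')

# The five log lines quoted in post #1.
SAMPLE = """\
211.55.209.131 - - [29/Apr/2005:16:37:57 +0100] "GET http://umsky.com/sproxy.php HTTP/1.0" 404 328
220.170.88.36 - - [01/May/2005:03:26:44 +0100] "GET http://www.yahoo.com/ HTTP/1.1" 200 1456
195.154.246.201 - - [01/May/2005:13:38:08 +0100] "GET / HTTP/1.0" 200 1456
82.53.153.215 - - [05/May/2005:15:18:34 +0100] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 363
61.159.46.68 - - [07/May/2005:00:30:46 +0100] "GET http://www.online.sh.cn/ HTTP/1.1" 200 1456
"""

def classify(log_text):
    """Return (client, method, target, verdict) for each proxy-style request."""
    rows = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            host, method, target, status, size = m.groups()
            rows.append((host, method, target, int(status),
                         0 if size == "-" else int(size)))
    # Byte counts of this server's own 200 responses, keyed by local path.
    local = {t: n for _, _, t, st, n in rows if t.startswith("/") and st == 200}
    findings = []
    for host, method, target, status, size in rows:
        if method == "CONNECT":
            verdict = "refused" if status >= 400 else "review"
        elif "://" in target:
            path = urlsplit(target).path or "/"
            if status >= 400:
                verdict = "refused"
            elif local.get(path) == size:
                verdict = "served-local"  # heuristic: same bytes as our own page
            else:
                verdict = "review"        # could be a real relay; check by hand
        else:
            continue                      # ordinary origin-form request
        findings.append((host, method, target, verdict))
    return findings

if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(*finding)
```

Anything marked "review" is worth checking against the ProxyRequests setting and the firewall rules discussed above.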
