some kind of open relay ?

Discussions around the use of Apache on VMS
Post Reply

some kind of open relay ?

#1 Post by chris_sharman »

Got the following in my log - - [29/Apr/2005:16:37:57 +0100] "GET HTTP/1.0" 404 328 - - [01/May/2005:03:26:44 +0100] "GET HTTP/1.1" 200 1456 - - [01/May/2005:13:38:08 +0100] "GET / HTTP/1.0" 200 1456 - - [05/May/2005:15:18:34 +0100] "CONNECT HTTP/1.0" 405 363 - - [07/May/2005:00:30:46 +0100] "GET HTTP/1.1" 200 1456

This is an external facing, but unused, unpublished, Apache server on a non-default port. When I try to construct a url like that from a browser, I get a leading '/' in the log, and a 404 error, as expected.
I'm concerned at the apparently successful relays to yahoo etc.
Anyone know what they are, whether they're dangerous, how to stop them ?

User avatar
VMS Guru
Posts: 59
Joined: Wed Jul 20, 2005 10:17 am
Location: Netherlands

scanned port?

#2 Post by WillemGrooters »

Unpublished doesn't mean "invisible". Nor is "non-standard". the requestor may have scanned your address for open ports and found this leading to a webserver; Or it is attempted to use it as a proxy server. Best you shutdown the port on your firewall, it won't do any harm unless you need outside access to it.
Have you enabled proxies, BTW? I wouldn't do that, or allow access only from your inside network.

User avatar
Posts: 17
Joined: Tue Feb 01, 2005 1:14 pm
Location: Huntsville, AL USA

#3 Post by Alphaman »

Yeah, I had the same problem, too. I've got a PeeCee DVR behind my firewall that I need to access to access the TV schedule and program it remotely. I added a proxy to get access to it remotely -- and it didn't take long for the lamers to start hitting it and using my host to hide their nefarious deeds. I found out a bit about the loser companies that sell their proxy clients to people, then leech off open proxy servers...

I wanted my VMS box to act as the primary interface to the world, while still providing access to my PeeCee. And protecting my entire network. Who wouldn't hide a PeeCee behind a VMS host? Ok, don't answer that...

Anyhow, if you need a proxy server, you can restrict it so that it can only access the system you want it to hit. Add something like the following to the pertinent section of your httpd.conf:
<IfModule mod_proxy.c>
ProxyRequests Off

ProxyPass /sage/ http://peecee:8080/sage/
ProxyPassReverse /sage/ http://peecee:8080/sage/
ProxyVia Block

It does a pretty effective job of blocking them -- it's taken a long, long time for me to get off the list of the Proxy Peddlers. I still get an occasional hit, but they always get a 404 back in their face!

Post Reply