[TriLUG] weird http connections
Steve Kuekes
steve at kuekes.homeip.net
Thu Apr 15 07:11:53 EDT 2004
It looks like to me that you have an open proxy server on your apache
configuration and these guys are using it to access other web sites to
camoflauge their addresses. Check your apache config for mod_proxy. If
you're using proxy on apache don't let it proxy requests from outside
the internet or just turn it off.
Michael Hrivnak wrote:
> I've noticed that I'm getting weird requests logged by apache. The following
> are the most recent requests found on apache's server status page. Why are
> all of these hitting my machine? I've got a RR connection for what it's
> worth, and the machine in question is connected directly to the cable modem.
> I'm getting IP addresses from all over the place (China, Germany,
> Netherlands, etc.) making lots of requests for pages that have nothing to do
> with my domain. Is this normal?
>
> Mandrake 9.2, fully updated, apache 2, etc.
>
> Let me know if I can provide more info.
>
> Thanks,
> Michael
>
>
> 0-0 11173 0/32/7402 _ 0.09 1 0 0.0 0.09 37.75 24.74.25.228 hrivnak.org GET
> http://edit.in.yahoo.com/config?login?.tries=1&.src=bl&logi
> 1-0 11301 0/6/7270 W 0.05 10 0 0.0 0.01 40.38 24.74.25.228 hrivnak.org GET
> http://edit.tpe.yahoo.com/config?login?.tries=1&.src=bl&log
> 2-0 11286 0/10/6777 W 0.08 12 0 0.0 0.15 35.86 68.34.251.56 hrivnak.org GET
>>> Snipped
--
Steve Kuekes
More information about the TriLUG
mailing list