[TriLUG] weird http connections

Steve Kuekes steve at kuekes.homeip.net
Thu Apr 15 07:11:53 EDT 2004


It looks like to me that you have an open proxy server on your apache 
configuration and these guys are using it to access other web sites to 
camoflauge their addresses.  Check your apache config for mod_proxy.  If 
you're using proxy on apache don't let it proxy requests from outside 
the internet or just turn it off.

Michael Hrivnak wrote:

> I've noticed that I'm getting weird requests logged by apache.  The following 
> are the most recent requests found on apache's server status page.  Why are 
> all of these hitting my machine?  I've got a RR connection for what it's 
> worth, and the machine in question is connected directly to the cable modem.  
> I'm getting IP addresses from all over the place (China, Germany, 
> Netherlands, etc.) making lots of requests for pages that have nothing to do 
> with my domain.  Is this normal?
> 
> Mandrake 9.2, fully updated, apache 2, etc.
> 
> Let me know if I can provide more info.
> 
> Thanks,
> Michael
> 
> 
> 0-0	11173	0/32/7402	_ 	0.09	1	0	0.0	0.09	37.75 	24.74.25.228	hrivnak.org	GET 
> http://edit.in.yahoo.com/config?login?.tries=1&.src=bl&logi
> 1-0	11301	0/6/7270	W 	0.05	10	0	0.0	0.01	40.38 	24.74.25.228	hrivnak.org	GET 
> http://edit.tpe.yahoo.com/config?login?.tries=1&.src=bl&log
> 2-0	11286	0/10/6777	W 	0.08	12	0	0.0	0.15	35.86 	68.34.251.56	hrivnak.org	GET 

 >>> Snipped
-- 
Steve Kuekes




More information about the TriLUG mailing list