Re: Strange CONNECT entries in apache logs

From: Paul Wilson (prw@the-buddha.com)
Date: Mon Jun 09 2003 - 09:03:21 PDT


    Rajkumar S(listuser) said:
    ->Hi,
    ->
    ->While going through my apache logs, I found some logs indicating CONNECT 
    ->requests to port 25 of other hosts.
    ->
    ->213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25 
    ->HTTP/1.1" 302 5 "-" "-"
    ->130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25 
    ->HTTP/1.0" 200 14409 "-" "-"
    ->130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25 
    ->HTTP/1.0" 200 17757 "-" "-"
    ->
    ->I found this on 2 machines in an Indian IP block. My other server in the US 
    ->is not affected by this. Is anyone else seeing this? Could this be the 
    ->next wave of spam?
    ->
    
    Nope, not the next wave, it's the current wave. Abusing open proxies is
    currently fashionable. It makes spammers extremely difficult to track
    without getting hold of the logs from the abused open proxy. DNSBLs
    already exist that can be used to try to block these. Monkeys.com and
    Osirusoft both have open proxy DNSBLs.
    
    Paul
    
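Added example, not part of the original thread: a log triage script that pulls CONNECT requests aimed at port 25 out of a log in the layout quoted above and groups them per client, separating attempts the server answered with a 2xx status from those it turned away. The function names and the last two sample lines are constructed for illustration; a 2xx answer is treated here only as a reason to check the proxy configuration, not as proof that mail was relayed.

```python
import re
from collections import defaultdict

# Layout of the entries quoted in the post:
# client [timestamp] "METHOD target protocol" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# First three lines: the entries from the post with mail line-wrapping undone.
# Last two lines: constructed (an ordinary GET and a truncated entry).
SAMPLE_LOG = """\
213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25 HTTP/1.1" 302 5 "-" "-"
130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25 HTTP/1.0" 200 14409 "-" "-"
130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25 HTTP/1.0" 200 17757 "-" "-"
10.0.0.5 [06/Jun/2003:10:30:00 +0530] "GET /index.html HTTP/1.0" 200 1024 "-" "-"
130.94.247.248 [06/Jun/2003:11:02:
"""

def find_connect_attempts(lines, watched_ports=frozenset({25})):
    """Return CONNECT requests aimed at a watched port (SMTP by default)."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue  # unparseable line or ordinary request
        host, _, port = m["target"].rpartition(":")
        if not host or not port.isdigit() or int(port) not in watched_ports:
            continue
        status = int(m["status"])
        # A 2xx answer marks the entry for follow-up; other statuses are kept too.
        hits.append({"client": m["client"], "time": m["ts"], "target": host,
                     "port": int(port), "status": status,
                     "answered_2xx": 200 <= status < 300})
    return hits

def summarize(hits):
    """Group hits per client: attempts, 2xx answers, distinct targets."""
    out = defaultdict(lambda: {"attempts": 0, "answered_2xx": 0, "targets": set()})
    for h in hits:
        row = out[h["client"]]
        row["attempts"] += 1
        row["answered_2xx"] += h["answered_2xx"]
        row["targets"].add(h["target"])
    return dict(out)

if __name__ == "__main__":
    for client, row in summarize(find_connect_attempts(SAMPLE_LOG.splitlines())).items():
        print(client, row["attempts"], row["answered_2xx"], sorted(row["targets"]))
```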