No, no custom error pages in that server. -O On Thursday, Jun 12, 2003, at 01:34 America/Lima, Dongen, Jeroen van wrote: > Unless you have a webserver that returns "custom" errorpages as normal > html > documents (return code 200) instead of a 'real' 404 message. > > -----Original Message----- > From: OSCAR [mailto:oscar7890at_private] > Sent: Wednesday, June 11, 2003 6:52 AM > To: BBDO Perú Lima > Subject: Re: Strange CONNECT entries in apache logs > > > If 200 is a successful connection, do these lines mean i am in > trouble?... > > > 200.48.211.58 - - [10/Jun/2003:10:23:21 -0500] "GET > / > default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > X > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > X > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > X > XXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9 > 0 > 90%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0 > 0 > 78%u0000%u00=a HTTP/1.0" 200 - > > 21.10.41.230 - - [07/Jun/2003:09:34:20 -0500] "GET > http://www.nessus.org HTTP/1.0" 200 2347 > > 21.10.41.230 - - [07/Jun/2003:09:32:49 -0500] "TRACE > /thisFiledoesNotexist.html HTTP/1.1" 200 319 > > 21.10.41.230 - - [07/Jun/2003:09:32:43 -0500] "GET /%2e/ HTTP/1.1" 200 > 2347 > > 21.10.41.230 - - [07/Jun/2003:09:32:48 -0500] "OPTIONS * HTTP/1.0" 200 > - > > 21.10.41.230 0 - - [07/Jun/2003:09:32:16 -0500] "GET > /index.php?page=../../../../../../../../../../../../../../../etc/passwd > HTTP/1.1" 200 38508 > > 21.10.41.230 - - [07/Jun/2003:09:32:14 -0500] "GET /?sql_debug=1 > HTTP/1.1" 200 2347 > > 21.10.41.230 - - [07/Jun/2003:09:31:42 -0500] "GET > /////////////////////////////////////////////////////////////////////// > /////////////////////////////////////////////////////////////////////// > /////////////////////////////////////////////////////////////////////// > /////////////////////////////////////////////////////////////////////// > /////////////////////////////////////////////////////////////////////// > /////////////// HTTP/1.1" 200 2347 > > 21.10.41.230 - - [07/Jun/2003:09:31:30 -0500] "GET /?Mode=debug > HTTP/1.1" 200 2347 > > 212.253.114.134 - - [17/May/2003:15:34:11 -0500] "HEAD / HTTP/1.0" 200 > 0 > > > > Thanks. > > ------- > Oscar > > > > > On Monday, Jun 9, 2003, at 15:34 America/Lima, Christine Kronberg > wrote: > >> On Fri, 6 Jun 2003, Rajkumar S wrote: >> >>> >>> While going through my apache logs, I found some logs indicating >>> CONNECT >>> requests to port 25 of other hosts. >>> >>> 213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25 >>> HTTP/1.1" 302 5 "-" "-" >>> 130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25 >>> HTTP/1.0" 200 14409 "-" "-" >>> 130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25 >>> HTTP/1.0" 200 17757 "-" "-" >>> >>> I found this in 2 machines in indian ip block. My another server at >>> US >>> is not affected by this. Some one else seeing this? Could this be the >>> next wave of spam ?? >> >> Some people are using your apache as mailrelay. Did you enable >> proxying? Getting a "200" indicates that the connect to those >> mailservers was successful. Make sure that you configure your >> apache not to accept CONNECTs from everywhere to other than >> special ports, if you need proxying at all (if you don't need >> it disable that feature). >> I see people trying to connect to other servers each day, but >> they get an "405" error. >> >> Cheers, >> >> >> >> Chris. >> >> -- >> GeNUA mbH >> >> >> >> ---------------------------------------------------------------------- >> - >> ----- >> ---------------------------------------------------------------------- >> - >> ----- >> > > > > ----------------------------------------------------------------------- > ----- > ----------------------------------------------------------------------- > ----- > ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 10:38:49 PDT