1 |
I just have noticed that my Apache2 access.log has few entries: |
2 |
|
3 |
220.189.234.182 - - [27/Sep/2005:03:21:59 -0600] "CONNECT 202.165.103.38:80 HTTP/1.1" 200 17505 |
4 |
61.232.83.75 - - [09/Oct/2005:04:33:26 -0600] "CONNECT 66.135.208.90:80 HTTP/1.1" 200 25952 |
5 |
59.40.34.187 - - [09/Oct/2005:19:05:40 -0600] "CONNECT 210.59.228.72:25 HTTP/1.1" 200 17368 |
6 |
66.219.100.118 - - [18/Oct/2005:02:04:00 -0600] "CONNECT mx2.ToughGuy.net:25 HTTP/1.0" 200 30192 |
7 |
213.180.210.35 - - [26/Nov/2005:12:09:14 -0700] "CONNECT 213.180.193.1:25 HTTP/1.0" 200 16916 |
8 |
|
9 |
These IP's are mostly from Russian or Chines hackers. |
10 |
My proxy is not enabled in /etc/conf.d/apache2 |
11 |
APACHE2_OPTS="-D DEFAULT_VHOST -D SSL -D PHP4" |
12 |
|
13 |
Anybody has similar entries. According to Apache explanation: |
14 |
http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan |
15 |
"200" would indicate that somebody is using my apache as proxy, but how? |
16 |
|
17 |
-- |
18 |
#Joseph |
19 |
-- |
20 |
gentoo-user@g.o mailing list |