[HLUG] Ref using my machine as a relay!!

Mark Broadbent mgjbroadbent at googlemail.com
Wed Apr 26 11:57:59 BST 2006


Hi Dave,

On 26/04/06, David Shorthouse <kungfu at globalnet.co.uk> wrote:
> Sorry that most of you couldn't make it to the meeting last week... It was a
> nice pub I would recommend it to anyone going out for a quiet one.

I would certainly agree with that, even if it's slightly out the way!
(or maybe I should have parked my car closer). :-/

> Back to my issue.
>
> I run an Apache webserver on my machine as I host 4 websites. I think I am
> having a problem with someone relaying data through Apache although I don't
> have the proxy mod installed. I won't attach the whole log file but the
> relevant parts.
>
> www.kungfu.dyndns.org 212.95.252.16 - - [12/Mar/2006:02:25:10 +0000] "GET /
> HTTP/1.0" 200 1593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
>
> 192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:54:58 +0000] "CONNECT
> 210.200.181.194:25 HTTP/1.0" 200 16249 "-" "-"
> 192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:55:03 +0000] "CONNECT
> 210.200.181.194:25 HTTP/1.0" 200 16249 "-" "-"
> 192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:55:13 +0000] "CONNECT
> 210.200.181.193:25 HTTP/1.0" 200 16249 "-" "-"

These messages indicate that someone is connecting to your webserver
and using the CONNECT method to connect to a remote mailserver.  The fact
that it's returning 200 is a concern; however, if mod_proxy is not
loaded then I can't see how it succeeded.  I would have a go myself but
the myriad of firewalls and proxies here at work won't allow it; I'll
try at home later.

One thing you can try yourself is:

$ telnet www.kungfu.dyndns.org 80

Then type

CONNECT 210.200.181.193:25 HTTP/1.0

and press return twice.  Then post the result back to the list.

Cheers
Mark

> I have no idea if this brings up an error or not. A lot of the things people
> attempt I have copied into my browser & I get a message back saying hacking
> attempt. So also brings up 200 code.
>
> Does anyone know how I can replicate this to test my machine?
>
> Cheers
>
> Dave


--
Mark Broadbent
Herefordshire LUG Master

* http://www.wetlettuce.com/
* http://www.herefordshire.lug.org.uk/
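
Added example, not part of the original message or thread: a Python sketch that pulls CONNECT requests out of an access log in the vhost-prefixed format quoted above and groups them by client, separating 2xx responses from rejections. The function names and the final 405 log line are constructed for illustration; the other sample lines are the quoted ones with the mail wrapping removed.

```python
import re
from collections import defaultdict

# Sample log: the four lines quoted in the post (rejoined), plus one
# constructed rejected attempt (documentation addresses) for contrast.
SAMPLE_LOG = """\
www.kungfu.dyndns.org 212.95.252.16 - - [12/Mar/2006:02:25:10 +0000] "GET / HTTP/1.0" 200 1593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:54:58 +0000] "CONNECT 210.200.181.194:25 HTTP/1.0" 200 16249 "-" "-"
192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:55:03 +0000] "CONNECT 210.200.181.194:25 HTTP/1.0" 200 16249 "-" "-"
192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:55:13 +0000] "CONNECT 210.200.181.193:25 HTTP/1.0" 200 16249 "-" "-"
192.168.0.4 192.0.2.10 - - [20/Mar/2006:05:00:00 +0000] "CONNECT 198.51.100.7:25 HTTP/1.0" 405 312 "-" "-"
"""

# vhost, client, ident, user, [timestamp], "METHOD target proto", status, size
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def connect_attempts(log_text):
    """Yield one dict per CONNECT request found in log_text."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["method"] == "CONNECT":
            size = int(m["size"]) if m["size"].isdigit() else 0
            yield {"client": m["client"], "target": m["target"],
                   "status": int(m["status"]), "size": size}

def summarise(log_text):
    """Group CONNECT attempts by client; 2xx counts as accepted."""
    report = defaultdict(lambda: {"accepted": 0, "rejected": 0,
                                  "targets": set(), "sizes": set()})
    for attempt in connect_attempts(log_text):
        entry = report[attempt["client"]]
        entry["targets"].add(attempt["target"])
        if 200 <= attempt["status"] < 300:
            entry["accepted"] += 1
            entry["sizes"].add(attempt["size"])  # byte counts of 2xx replies
        else:
            entry["rejected"] += 1
    return dict(report)

if __name__ == "__main__":
    for client, info in summarise(SAMPLE_LOG).items():
        print(client, info["accepted"], "accepted,", info["rejected"],
              "rejected ->", sorted(info["targets"]), sorted(info["sizes"]))
```

The `sizes` set is collected so the logged byte counts of the 2xx responses can be compared with the size of the site's ordinary pages.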


