[HLUG] Ref using my machine as a relay!!
John Hedges
john at drystone.co.uk
Wed Apr 26 12:52:41 BST 2006
> > I run an Apache webserver on my machine as I host 4 websites. I think I am
> > having a problem with someone relaying data through Apache although I don't
> > have the proxy mod installed. I won't attach the whole log file but the
> > relevant parts.
> >
> > www.kungfu.dyndns.org 212.95.252.16 - - [12/Mar/2006:02:25:10 +0000] "GET /
> > HTTP/1.0" 200 1593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
> >
> >
> > 192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:54:58 +0000] "CONNECT
> > 210.200.181.194:25 HTTP/1.0" 200 16249 "-" "-"
> > 192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:55:03 +0000] "CONNECT
> > 210.200.181.194:25 HTTP/1.0" 200 16249 "-" "-"
> > 192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:55:13 +0000] "CONNECT
> > 210.200.181.193:25 HTTP/1.0" 200 16249 "-" "-"
>
> These messages indicate that someone is connecting to your webserver
> and using the CONNECT method to connect to a remote mailserver. The fact
> that it's returning 200 is a concern; however, if mod_proxy is not
> loaded then I can't see how it succeeded. I would have a go myself but
> the myriad of firewalls and proxies here at work won't allow it. I'll
> try at home later.
>
> One thing you can try yourself is:
>
> $ telnet www.kungfu.dyndns.org 80
>
> Then type
>
> CONNECT 210.200.181.193:25 HTTP/1.0
>
> and press return twice. Then post the result back to the list.

This could be an issue with PHP handling all requests regardless of the
method and returning a default page for your installation. Here are a
couple of links from a Google search 'apache php connect method'
describing possible workarounds.

http://mail-archives.apache.org/mod_mbox/httpd-users/200506.mbox/%3C8C29B2F93BAE9047A906EF6D6F9C5D4330766E@exchange2k301.gaia.fr%3E
http://bugs.php.net/bug.php?id=19113

It doesn't seem to pose a security threat, despite the misleading log
messages.

Cheers
John
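
Added example, not part of the original message or of any code from the list: a log triage sketch for the situation discussed in this thread, separating CONNECT requests that the server refused, ones answered 200 with the same byte count as an ordinary page on that vhost, and ones answered 200 with a size no page explains. The function names and the size-matching heuristic are assumptions of this example; the first three log lines are the thread's entries rejoined onto single lines and the rest are constructed.

```python
import re
from collections import defaultdict

# Vhost-prefixed combined log format, as in the entries quoted in the thread.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

# First three lines: the thread's entries, rejoined. Remaining lines: constructed.
SAMPLE_LOG = [
    '192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:54:58 +0000] "CONNECT 210.200.181.194:25 HTTP/1.0" 200 16249 "-" "-"',
    '192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:55:03 +0000] "CONNECT 210.200.181.194:25 HTTP/1.0" 200 16249 "-" "-"',
    '192.168.0.4 59.104.55.168 - - [20/Mar/2006:04:55:13 +0000] "CONNECT 210.200.181.193:25 HTTP/1.0" 200 16249 "-" "-"',
    '192.168.0.4 192.0.2.10 - - [20/Mar/2006:05:01:00 +0000] "GET / HTTP/1.0" 200 16249 "-" "-"',
    '192.168.0.4 198.51.100.7 - - [20/Mar/2006:05:02:00 +0000] "CONNECT 203.0.113.5:25 HTTP/1.0" 200 48211 "-" "-"',
    '192.168.0.4 198.51.100.9 - - [20/Mar/2006:05:03:00 +0000] "CONNECT 203.0.113.5:25 HTTP/1.0" 405 312 "-" "-"',
]

def parse(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["status"] = int(e["status"])
    e["size"] = 0 if e["size"] == "-" else int(e["size"])
    return e

def triage_connect(lines):
    """Map each client that sent CONNECT to a verdict for its requests."""
    entries = [e for e in map(parse, lines) if e]
    page_sizes = defaultdict(set)   # sizes of ordinary 200 GET responses per vhost
    connects = defaultdict(list)
    for e in entries:
        if e["method"] == "GET" and e["status"] == 200:
            page_sizes[e["vhost"]].add(e["size"])
        elif e["method"] == "CONNECT":
            connects[(e["vhost"], e["client"])].append(e)
    verdicts = {}
    for (vhost, client), reqs in connects.items():
        ok_sizes = {r["size"] for r in reqs if r["status"] == 200}
        if not ok_sizes:
            verdicts[client] = "rejected"      # server refused the method
        elif ok_sizes <= page_sizes[vhost]:
            verdicts[client] = "page-served"   # assumption: same size as a normal page
        else:
            verdicts[client] = "investigate"   # 200 with a size no page explains
    return verdicts

if __name__ == "__main__":
    for client, verdict in triage_connect(SAMPLE_LOG).items():
        print(client, verdict)
```

A "page-served" verdict is only a hint from the log; the telnet check quoted earlier in the thread shows what the server actually sends back.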