Logwatch?
Alexander Dalloz
ad+lists at uni-x.org
Sun May 27 19:59:47 UTC 2007
Knute Johnson schrieb:
> --------------------- httpd Begin ------------------------
>
> Connection attempts using mod_proxy:
> 220.132.60.97 -> msa.hinet.net:25: 1 Time(s)
>
> Above is a piece of my logwatch email today. What is msa.hinet.net
> actually trying to do here? Proxying is not enabled on my httpd
> server but the modules are loaded. I tried commenting out the
> loading but httpd wouldn't start then.
>
> Thanks,
Not msa.hinet.net tried to misuse your apache but 220.132.60.97. From
the host with that IP someone tried
CONNECT msa.hinet.net:25
when talking with your apache server and checking the answer. If that
would have been successful because of receiving the greeting by the mail
server a storm of spam sending through your apache acting as an open
proxy would have followed.
Alexander
More information about the fedora-list
mailing list