Using http as mail spam engine
Ashley M. Kirchner
ashley at pcraft.com
Mon Nov 5 20:07:13 UTC 2007
I noticed these entries in my apache log today:
60.250.66.175 - - [01/Nov/2007:04:41:01 -0600] "CONNECT
218.32.192.11:25 HTTP/1.0" 200 12439 "-" "-"
60.250.66.175 - - [01/Nov/2007:04:41:04 -0600] "CONNECT
61.31.198.50:25 HTTP/1.0" 200 12439 "-" "-"
60.250.66.175 - - [01/Nov/2007:04:43:28 -0600] "CONNECT
60.249.125.71:25 HTTP/1.0" 200 12439 "-" "-"
159.148.97.91 - - [02/Nov/2007:22:01:40 -0600] "CONNECT
195.175.37.70:8080 HTTP/1.0" 200 14301 "-" "-"
159.148.97.91 - - [02/Nov/2007:22:01:41 -0600] "CONNECT
159.148.96.222:80 HTTP/1.0" 200 14301 "-" "-"
And while the first two are specifically targeting port 25, the
other two aren't But more importantly, how is this being done, and how
do I stop it? Did I forgot to disable something within Apache somewhere?
More information about the fedora-list
mailing list