Re: Apache Question

["Karsten W. Rohrbach" <ka...@rohrbach.de>]

old post, but due to recent 'cracktivity' going on out there a short
note

Andrew Kenna(andrewk@stamina.com.au)@2001.08.01 13:42:05 +0000:
> I know this has nothing todo with mirroring of the apache site, but I can't
> find any other mailing lists
> 
> I have recently been getting entries appearing in my apache-status logs as
> follows
> 
> 6-3 - 0/0/64 . 0.04 1944 6 0.0 0.00 0.08 pd900f25a.dip.t-dialin.net
> (unavailable) GET http://www.cash2002.de/cgi-bin/cash_x.cgi?ID=3305108
> HTTP/1

a typical connection attempt to check out if your apache is configured
as a proxy. perhaps the apache.org crew or netcraft or whoever should do
a coordinated query on all apache servers, if they got mod_proxy enabled
by their vendor default installation or by accident. you'd like to see
the access_log entry instead. the mod_status output does not contain the
http result code.

> I can only assume by this that someone is using my web server as some sort
> of re-director so they can crappy sites on the net ? 

as i said, it is a proxy probe. there are several skriptkiddie toolz out
there by now that do this. the scans i get on my sites are getting
heavier and heavier.

> What can I do to prevent these sorts of things appearing

disable mod_proxy, or - if it's needed - configure it correctly. if it's
not active, the client gets a 404 and everything is fine.

regards,
/k

-- 
> Love does not make the world go around, just up and down a bit.
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 10x