You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by sp...@rhoderunner.com on 2003/10/31 19:46:57 UTC

[users@httpd] how is my apache being an open relay?

I was checking my access_log.  It appears that I am an open relay!  How
can I prevent this?  How is it happenning?

I am using ModProxy, but I have everything mapped to a destination.  I am
using 1.3.23

I need to have ModProxy running.  But all my proxy directives are internal
only.  I don't have anything that could be causing this.

Here are my Proxy directives.
<IfModule mod_proxy.c>
        ProxyRequests On
        ProxyPass /roller http://localhost:9081/roller
        ProxyPassReverse /roller http://www.rhoderunner.com/roller

        ProxyPass /hrawiki http://localhost:9081/hrawiki
        ProxyPassReverse /hrawiki http://www.rhoderunner.com/hrawiki
</IfModule>


Thanks!



203.98.133.232 - - [31/Oct/2003:13:31:42 -0500] "POST
http://216.170.99.242:25/
HTTP/1.1" 200 2848 "-" "-"
218.2.4.215 - - [31/Oct/2003:13:31:44 -0500] "GET
http://www.zanox-affiliate.de/
ppv/?745726C1462612851 HTTP/1.0" 302 199 "http://mydown.de" "Mozilla/4.0
(compat
ible; MSIE 5.5; Windows 98)"
218.2.4.215 - - [31/Oct/2003:13:31:45 -0500] "GET
http://www.lycos.de/affiliate/
werbemittel/mobile/fullsize_dasneue_dieter.gif HTTP/1.0" 200 5852
"http://mydown
.de" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.98.133.232 - - [31/Oct/2003:13:31:49 -0500] "POST
http://216.170.99.242:25/
HTTP/1.1" 200 2342 "-" "-"
219.155.131.152 - - [31/Oct/2003:13:32:10 -0500] "GET
http://service.bfast.com/b
fast/serve?bfmid=37920209&siteid=40553325&bfpage=gen_234x60 HTTP/1.0" 200
43 "ht
tp://www.24hourfitness.com/" "Mozilla/4.0 (compatible; MSIE 5.02; Windows
NT)"
203.98.133.232 - - [31/Oct/2003:13:32:27 -0500] "POST
http://216.170.99.242:25/
HTTP/1.1" 200 2559 "-" "-"
61.177.78.31 - - [31/Oct/2003:13:06:19 -0500] "GET
http://app.datingdirect.com/toolbox/single120x60.gif HTTP/1.0" 302 176
"http://www.eachfree.co.uk/" "Mozilla/4.0 (compatible; MSIE 4.01; Windows
95)"
61.177.78.31 - - [31/Oct/2003:13:06:20 -0500] "GET
http://app1.datingdirect.com/toolbox/single120x60.gif HTTP/1.0" 200 4509
"http://www.eachfree.co.uk/" "Mozilla/4.0 (compatible; MSIE 4.01; Windows
95)"
219.155.68.166 - - [31/Oct/2003:13:08:10 -0500] "GET
http://ads.clickagents.com/jsmaster HTTP/1.1" 200 4804
"http://www.smartinmalls.com/" "Mozilla/4.0 (compatible; MSIE 4.01;
Windows 95)"
219.155.68.166 - - [31/Oct/2003:13:08:14 -0500] "GET
http://ads.clickagents.com/advance.ca?host=hs0276026&b=pagebuster.424&v=1.1.10&size=468x60&t=js
HTTP/1.1" 200 374 "http://www.smartinmalls.com/" "Mozilla/4.0 (compatible;
MSIE 4.01; Windows 95)"
218.2.4.215 - - [31/Oct/2003:13:09:02 -0500] "GET
http://boopin.com/s.php?keywords=Poker&username=goodblondejokes HTTP/1.0"
200 7908 "http://www.goodblondejokes.com/" "Mozilla/4.75 [ru] (Win98; I)"
218.2.4.215 - - [31/Oct/2003:13:09:03 -0500] "GET
http://www.boopin.com/out.php?ahassoahzs|http://www.partypoker.com/
HTTP/1.0" 302 0
"http://boopin.com/s.php?keywords=Poker&username=goodblondejokes"
"Mozilla/4.75 [ru] (Win98; I)"
218.2.4.215 - - [31/Oct/2003:13:09:04 -0500] "GET
http://www.partypoker.com/ HTTP/1.0" 302 207
"http://boopin.com/s.php?keywords=Poker&username=goodblondejokes"
"Mozilla/4.75 [ru] (Win98; I)"
218.2.4.215 - - [31/Oct/2003:13:09:06 -0500] "GET
http://www2.partypoker.com/ HTTP/1.0" 200 22955
"http://boopin.com/s.php?keywords=Poker&username=goodblondejokes"
"Mozilla/4.75 [ru] (Win98; I)"
218.2.4.215 - - [31/Oct/2003:13:09:15 -0500] "GET
http://www.zanox-affiliate.de/ppv/?749008C373084010 HTTP/1.0" 302 168
"http://desports.de" "Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)"
218.2.4.215 - - [31/Oct/2003:13:09:17 -0500] "GET
http://www.newsdeutschland.de/hecke468_60.gif HTTP/1.0" 200 12596
"http://desports.de" "Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)"
61.177.79.86 - - [31/Oct/2003:13:09:35 -0500] "GET
http://focusin.ads.targetnet.com//ad/id=potit&opt=hhj&rw=468&rh=60&cv=210&uid=6655418
HTTP/1.1" 200 508 "http://www.leozhi.com/" "Mozilla/4.0 (compatible; MSIE
5.0; AOL 8.0; Windows 98; DigExt)"
218.3.6.118 - - [31/Oct/2003:13:10:17 -0500] "GET
http://service.bfast.com/bfast/serve?bfmid=23276761&siteid=39924508&bfpage=superpageshomepage
HTTP/1.0" 200 43 "http://www.travelsinfo.com" "Mozilla/4.0 (compatible;
MSIE 4.01; Windows 95)"
218.2.4.215 - - [31/Oct/2003:13:10:29 -0500] "GET
http://service.bfast.com/bfast/serve?bfmid=115759&sourceid=40055882&categoryid=home_equity_loans
HTTP/1.0" 200 43 "http://www.9go.net" "Mozilla/4.0 (compatible; MSIE 5.5;
Windows 98)"
219.155.131.152 - - [31/Oct/2003:13:10:32 -0500] "GET
http://service.bfast.com/bfast/serve?bfmid=37925229&siteid=39921801&bfpage=large_banner
HTTP/1.0" 200 43 "http://www.spnew.com/" "Mozilla/4.5 [en] (Win95; I)"
219.155.131.152 - - [31/Oct/2003:13:10:56 -0500] "GET
http://www.revenuepilot.com/gopilot/index.jsp?id=3928&filter=off&keyword=Accomodation
HTTP/1.0" 503 939 "http://www.bestplaza.net/" "Mozilla/4.0 (compatible;
MSIE 5.5; Windows NT)"
218.93.38.201 - - [31/Oct/2003:13:10:57 -0500] "GET
http://oz.valueclick.com/jsmaster HTTP/1.1" 200 5206
"http://www.betrip.com/" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
218.93.38.201 - - [31/Oct/2003:13:11:01 -0500] "GET
http://oz.valueclick.com/cycle?host=hs0272086&b=pagebuster.814&v=1.1.10&size=468x60&t=js
HTTP/1.1" 200 337 "http://www.betrip.com/" "Mozilla/4.0 (compatible; MSIE
4.01; Windows 98)"
218.93.38.201 - - [31/Oct/2003:13:11:05 -0500] "GET
http://cdn.valueclick.com/ad.s/a0100757.gif HTTP/1.1" 200 5781 "-"
"Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
219.155.131.152 - - [31/Oct/2003:13:11:23 -0500] "GET
http://www.revenuepilot.com/gopilot/index.jsp?id=7547&filter=off&keyword=free%20email
HTTP/1.0" 503 939 "http://www.luminaryartworks.com/" "Mozilla/4.0
(compatible; MSIE 5.5; Windows 98)"
219.155.131.152 - - [31/Oct/2003:13:11:29 -0500] "GET
http://www.revenuepilot.com/gopilot/index.jsp?id=7453&filter=off&keyword=Cellular
HTTP/1.0" 503 939 "http://www.smartinmalls.com/" "Mozilla/4.0 (compatible;
MSIE 5.02; Windows NT)"
219.155.68.166 - - [31/Oct/2003:13:12:12 -0500] "GET
http://ads.clickagents.com/jsmaster HTTP/1.1" 200 4804
"http://www.luminaryart.com/" "Mozilla/4.0 (compatible; MSIE 4.01; Windows
98)"
219.155.68.166 - - [31/Oct/2003:13:12:16 -0500] "GET
http://ads.clickagents.com/advance.ca?host=hs0256473&b=pagebuster.728&v=1.1.10&size=468x60&t=js
HTTP/1.1" 200 353 "http://www.luminaryart.com/" "Mozilla/4.0 (compatible;
MSIE 4.01; Windows 98)"
219.155.68.166 - - [31/Oct/2003:13:12:22 -0500] "GET
http://cdn.clickagents.com/g/usa/clka/468x60_default.gif HTTP/1.1" 200
12880 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
218.2.4.215 - - [31/Oct/2003:13:12:49 -0500] "GET
http://service.bfast.com/bfast/serve?bfmid=115759&sourceid=1430398&categoryid=mortgage_loans
HTTP/1.0" 200 43 "http://www.coollei.com/" "Mozilla/4.0 (compatible; MSIE
5.5; Windows 95)"
64.140.49.69 - - [31/Oct/2003:13:13:57 -0500] "GET /robots.txt HTTP/1.0"
404 280 "-" "TurnitinBot/1.5
(http://www.turnitin.com/robot/crawlerinfo.html)"


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: {SPAM 03.0} [users@httpd] how is my apache being an open relay?

Posted by Joshua Slive <jo...@slive.ca>.

On Fri, 31 Oct 2003 spamsucks@rhoderunner.com wrote:

> I was checking my access_log.  It appears that I am an open relay!  How
> can I prevent this?  How is it happenning?
>
> I am using ModProxy, but I have everything mapped to a destination.  I am
> using 1.3.23
>
> I need to have ModProxy running.  But all my proxy directives are internal
> only.  I don't have anything that could be causing this.
>
> Here are my Proxy directives.
> <IfModule mod_proxy.c>
>         ProxyRequests On
>         ProxyPass /roller http://localhost:9081/roller
>         ProxyPassReverse /roller http://www.rhoderunner.com/roller
>
>         ProxyPass /hrawiki http://localhost:9081/hrawiki
>         ProxyPassReverse /hrawiki http://www.rhoderunner.com/hrawiki
> </IfModule>

Please go read the docs for mod_proxy, which tell you that you do NOT want
"ProxyRequests On" when doing reverse proxying.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org