Proxy Forwarding to Port 25 Security Hack?

Proxy Forwarding to Port 25 Security Hack?

am 28.07.2003 20:03:07 von Dan Lincoln

I've got a LOT of the follow entries in my Apache 2.0.45 access logs...

66.216.126.181 - - [28/Jul/2003:17:37:54 -0600] "POST
http://208.187.218.206:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:55 -0600] "POST
http://208.187.218.208:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:56 -0600] "POST
http://208.187.218.205:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:57 -0600] "POST
http://208.187.218.134:25/ HTTP/1.1" 200 6877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:57 -0600] "POST
http://208.187.218.200:25/ HTTP/1.1" 200 877 "-" "-"
203.98.164.136 - - [28/Jul/2003:17:37:58 -0600] "POST
http://208.187.218.207:25/ HTTP/1.1" 502 343 "-" "-"
203.98.164.136 - - [28/Jul/2003:17:37:59 -0600] "POST
http://208.187.218.210:25/ HTTP/1.1" 502 343 "-" "-"

I have mod_proxy.c compilied in but there are no configuration directives..
I've added

Order Deny,Allow
Deny from all


and that blocks access.

Should a default installation of Apache 2 allow forwarding?

RE: Proxy Forwarding to Port 25 Security Hack?

am 04.08.2003 10:58:42 von FLombardo

Please control all the virtual host you've configured for access lists =
and the proxyvia and proxyrequests variables.

After that, to check if all is working correctly just telnet you're web =
server on 80 port, write=20
POST http://208.187.218.208:25/

And see with lsof -i -n if your httpd process is forging connection. If =
so, there are problems in your configuration.

Lombardo Federico, Network Administrator & IT Security Manager=20
Grandi Stazioni S.p.A.=20
Via G. Giolitti 34=20
00189 Roma=20
Italy=20


-----Original Message-----
From: Dan Lincoln [mailto:dlincoln@storesonline.com]=20
Sent: luned=EC 28 luglio 2003 20.03
To: 'modproxy-dev@apache.org'

I've got a LOT of the follow entries in my Apache 2.0.45 access logs...

66.216.126.181 - - [28/Jul/2003:17:37:54 -0600] "POST
http://208.187.218.206:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:55 -0600] "POST
http://208.187.218.208:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:56 -0600] "POST
http://208.187.218.205:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:57 -0600] "POST
http://208.187.218.134:25/ HTTP/1.1" 200 6877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:57 -0600] "POST
http://208.187.218.200:25/ HTTP/1.1" 200 877 "-" "-"
203.98.164.136 - - [28/Jul/2003:17:37:58 -0600] "POST
http://208.187.218.207:25/ HTTP/1.1" 502 343 "-" "-"
203.98.164.136 - - [28/Jul/2003:17:37:59 -0600] "POST
http://208.187.218.210:25/ HTTP/1.1" 502 343 "-" "-"

I have mod_proxy.c compilied in but there are no configuration =
directives..
I've added=20

Order Deny,Allow
Deny from all


and that blocks access.

Should a default installation of Apache 2 allow forwarding?