|
Home > Archive > Web Servers on Unix and Linux > March 2004 > access_log: GETs to a remote host.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
access_log: GETs to a remote host.
|
|
| Craig Harding 2004-03-22, 12:38 pm |
| apache version: 2.0.43
On my apache machine in the access_log I'm getting A LOT of GETs to a
remote host besides mine. For example, I'm running awstats on my
machine and it's showing a lot of hits to the
edit.korea.yahoo.com/config/login page. (2000-3000 hits)
When I try it myself doing the usualy telnet to port 80 and trying the
exact GET to yahoo it prints out my own index page.
Should I be worried about this except for that they're wasting my
precious bandwidth?
thanks in advance,
Craig.
| |
| Juha Laiho 2004-03-23, 3:56 pm |
| generalbeard@canada.com (Craig Harding) said:
>apache version: 2.0.43
>
>On my apache machine in the access_log I'm getting A LOT of GETs to a
>remote host besides mine. For example, I'm running awstats on my
>machine and it's showing a lot of hits to the
>edit.korea.yahoo.com/config/login page. (2000-3000 hits)
>
>When I try it myself doing the usualy telnet to port 80 and trying the
>exact GET to yahoo it prints out my own index page.
>
>Should I be worried about this except for that they're wasting my
>precious bandwidth?
If these hits succeed (are logged with 2xx response codes, and have
varying sizes), then you just told that your site is offering a public
WWW proxy service. Please shut it down.
These open proxy services are used to circumvent local traffic blockages,
and also to launch attacks against third parties (so would leave IP
address of _your_ site visible as the attacker, thus making you the first
one to inquire about what happened).
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
| |
| craig 2004-03-25, 11:45 am |
| I'm not running a proxy on the machine, just a straight up compiled apache
webserver. I've looked at the filesizes and they all are the same size.
I'm getting like a dozen hit every so minute, some vary.
craig.
On Tue, 23 Mar 2004 20:52:00 +0000, Juha Laiho wrote:
> generalbeard@canada.com (Craig Harding) said:
>
> If these hits succeed (are logged with 2xx response codes, and have
> varying sizes), then you just told that your site is offering a public
> WWW proxy service. Please shut it down.
>
> These open proxy services are used to circumvent local traffic blockages,
> and also to launch attacks against third parties (so would leave IP
> address of _your_ site visible as the attacker, thus making you the first
> one to inquire about what happened).
| |
| Juha Laiho 2004-03-26, 3:46 pm |
| craig <generalbeard@canada.com> said:
>I'm not running a proxy on the machine, just a straight up compiled apache
>webserver. I've looked at the filesizes and they all are the same size.
Depending on how you compiled it, Apache may well include proxy
functionality. But still, are those accesses logged with some success
status code (i.e. 200 or other 2xx)?
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
|
|
|
|
|