Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] Strange entry in Apache log
From: Arjen Runsink (arjenzeilers.net)
Date: Fri Feb 27 2004 - 14:33:12 CST
On Friday 27 February 2004 18:29, Keith Roberts wrote:
> Or did someone get my machine to connect to another servers
> port 25?
They tried to.
> 18.104.22.168 - - [27/Feb/2004:16:01:51 +0000]
> "CONNECT 22.214.171.124:25 HTTP/1.1" 200 5664 "-" "-"
> I have just been to grc.com, and my SMTP port is stealthed.
This has nothing to do with your smtp port
They scanned for open proxies and tried if your apache would allow to proxy.
The trick is that even smtp connections can be proxied over a web proxy.
Just make sure this is not possible with your apache
so check error_log for confirmation this failed.
If not. get that apache off-line and remove proxy on directive asap!
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here