[NBLUG/talk] CONNECT lines in access_log...
Julian Plamann
julian at abbey.ox.cx
Thu Mar 20 19:42:00 PST 2003
On Thu, 2003-03-20 at 19:16, Daniel Smith wrote:
>
> I just happened to look over my Apache 1.3.27 access_log.
> Do these lines look familiar to anyone? Is it a spammer
> trying to somehow use Apache as a relay?
> Just wondering about them.
Yep,
I get those all the time (in fact most of the CONNECT attempts I get
also try to go for smtp.rol.ru). They seem to be pretty harmless
(probably scanning for proxy servers running on port 80 or something)
--Julian
> bucky:apache/logs :-) grep CONN access_log
> 4.43.250.47 - - [13/Mar/2003:20:28:50 -0800] "CONNECT smtp.rol.ru:25 HTTP/1.0"
> [snip......]
>
> 62.118.251.29 - - [19/Mar/2003:00:32:52 -0800] "CONNECT whois.ripe.net:43 HTTP/
> .1" 400 307
> 172.154.145.68 - - [19/Mar/2003:19:40:01 -0800] "CONNECT smtp.rol.ru:25 HTTP/1.
> " 200 215
> 172.137.130.22 - - [20/Mar/2003:14:47:58 -0800] "CONNECT smtp.rol.ru:25 HTTP/1.
> " 200 215
> 66.237.0.71 - - [20/Mar/2003:18:07:13 -0800] "CONNECT maila.microsoft.com:25 /
> TTP/1.0" 400 299
> 172.137.130.22 - - [20/Mar/2003:18:40:06 -0800] "CONNECT smtp.rol.ru:25 HTTP/1.
> " 200 215
--
Julian Plamann | Email: <julian at abbey.ox.cx>
OX.CX Public System | Key ID: <0xCC019D52>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://nblug.org/pipermail/talk/attachments/20030320/29640330/attachment.pgp
More information about the talk
mailing list