Keith Roberts wrote:
Hi everyone.
Can anyone tell what the following apache logs are?
The last line looks like they managed to connect to port 25.
Or did someone get my machine to connect to another servers port 25?
220.163.27.187 - - [27/Feb/2004:16:00:48 +0000] "\x04\x01" 200 0 "-" "-" 220.163.27.187 - - [27/Feb/2004:16:01:40 +0000] "\x05\x01" 200 0 "-" "-"
Raw SOCKS connection attempt? Check error log for "illegal request type" (iirc)
220.163.27.187 - - [27/Feb/2004:16:01:51 +0000] "CONNECT 207.217.125.22:25 HTTP/1.1" 200 5664 "-" "-"
Looks like they can use your server to proxy SMTP traffic. But note: error code may be wrong. I remember there was something about a buggy module giving wrong error codes, please try google on that. this should to the trick: gg: apache "\x04\x01" CONNECT Lars Ellenberg