[Dshield] Scan of my webserver
pandry at wolverinefreight.ca
Wed Mar 5 13:01:36 GMT 2003
Yes, I have removed mod_proxy from the webserver once I saw that scan.
The first two however have me stumped.
On Tue, 2003-03-04 at 18:46, Tom Laermans wrote:
> >x.x.x.x - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533
> >x.x.x.x - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533
> >x.x.x.x - - [23/Feb/2003:16:12:07 -0500] "CONNECT 18.104.22.168:25
> >HTTP/1.1" 200 5553
> While I don't know about the first 2, the last one is an attempt to connect
> to a mailserver using your webserver as an anonymous relay.
> Apparently it succeeded, at least that's what code 200 tells me, which
> gives me the impression you're running the proxy module and are wide open
> to the world.
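
An added example, not part of the original thread: a Python sketch that picks this kind of proxy probing out of an Apache access log. It assumes the common log format and reads the `\x04\x01` and `\x05\x01` requests as SOCKS4 and SOCKS5 openers (version byte 4 with command 1, and version byte 5 with one offered auth method); the function names and sample lines are constructed.

```python
import re
from collections import defaultdict

# Apache common log format. The request field is kept raw: proxy probes
# are often not HTTP at all, and Apache logs their bytes as \xHH escapes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\d+|-)$')
CONNECT_RE = re.compile(r'^CONNECT (\S+):(\d+) HTTP/\d\.\d$')

def classify(request):
    """Return (probe kind, CONNECT target or None); kind is None if not a probe."""
    if request.startswith(r"\x04\x01"):   # SOCKS4: version 4, command 1 (CONNECT)
        return "socks4", None
    if request.startswith(r"\x05\x01"):   # SOCKS5 greeting: version 5, 1 auth method
        return "socks5", None
    m = CONNECT_RE.match(request)
    if m:                                 # HTTP proxy tunnel request
        return "http-connect", f"{m.group(1)}:{m.group(2)}"
    return None, None

def proxy_probes(lines):
    """Group proxy probes by client; list CONNECT targets answered with 2xx."""
    report = defaultdict(lambda: {"kinds": set(), "review": []})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        host, _ts, request, status, _size = m.groups()
        kind, target = classify(request)
        if kind is None:
            continue
        report[host]["kinds"].add(kind)
        # A 2xx reply to CONNECT needs a manual check that no tunnel was opened.
        if kind == "http-connect" and status.startswith("2"):
            report[host]["review"].append(target)
    return dict(report)

# Constructed sample log (documentation addresses, not taken from the post).
SAMPLE = [
    r'192.0.2.10 - - [01/Jan/2003:10:00:00 -0500] "\x04\x01" 200 5533',
    r'192.0.2.10 - - [01/Jan/2003:10:00:21 -0500] "\x05\x01" 200 5533',
    r'192.0.2.10 - - [01/Jan/2003:10:00:22 -0500] "CONNECT 198.51.100.25:25 HTTP/1.1" 200 5553',
    r'192.0.2.77 - - [01/Jan/2003:10:05:00 -0500] "GET /index.html HTTP/1.0" 200 5533',
    r'192.0.2.99 - - [01/Jan/2003:10:06:00 -0500] "CONNECT 198.51.100.25:25 HTTP/1.0" 405 312',
]

if __name__ == "__main__":
    for host, info in proxy_probes(SAMPLE).items():
        print(host, sorted(info["kinds"]), "review:", info["review"])
```

A client that tries all three probe kinds within seconds is testing the server for an open proxy; the `review` list holds the CONNECT targets to check against the proxy configuration.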