On 03/03/2013 05:06 PM, Alexander Dalloz wrote:
Am 03.03.2013 22:49, schrieb Robert Moskowitz:
There was an attack, and if you search you will find references to it, where the spammers post to your web server in such a way that they relay out port 25. They send to your port 80, but you send out port 25. For example:
http://forums.fedoraforum.org/archive/index.php/t-173601.html
My old server has been running smoothly for over two years, but it is time to bring the software current. I did all the work on this back then, or maybe before and copied from my earlier server. This time I am trying to build everything clean and document every change I make.
Such a misbehaviour would be caused by a misconfigured apache proxy setup.
It is coming back now through a pair of dark glasses. Just haven't built a public web server is so long, as the old one just ran for as little as I needed it, that I lost the notes on the problem. Looks like current defaults do not allow this.
Wouldn't this attack be similar to using someone's web server as a proxy to get to other sites? By default, apache doesn't permit itself to "proxy" this way.
A simple test would be to do something like this to your own web server, or one in question:
$ telnet ip.of.webserver 80
GET http://www.google.com HTTP/1.0 <return><return>
If life gives you lemons, keep them-- because hey.. free lemons. "~heart~ Sticker" fixer: http://microflush.org/stuff/stickers/heartFix.html