On 03/03/2013 05:06 PM, Alexander Dalloz wrote: > Am 03.03.2013 22:49, schrieb Robert Moskowitz: > >> There was an attack, and if you search you will find references to it, >> where the spammers post to your web server in such a way that they relay >> out port 25. They send to your port 80, but you send out port 25. For >> example: >> >> http://forums.fedoraforum.org/archive/index.php/t-173601.html >> >> My old server has been running smoothly for over two years, but it is >> time to bring the software current. I did all the work on this back >> then, or maybe before and copied from my earlier server. This time I am >> trying to build everything clean and document every change I make. > Such a misbehaviour would be caused by a misconfigured apache proxy setup. >It is coming back now through a pair of dark glasses. Just haven't built >a public web server is so long, as the old one just ran for as little as >I needed it, that I lost the notes on the problem. Looks like current >defaults do not allow this. Wouldn't this attack be similar to using someone's web server as a proxy to get to other sites? By default, apache doesn't permit itself to "proxy" this way. A simple test would be to do something like this to your own web server, or one in question: $ telnet ip.of.webserver 80 GET http://www.google.com HTTP/1.0 <return><return> If life gives you lemons, keep them-- because hey.. free lemons. "~heart~ Sticker" fixer: http://microflush.org/stuff/stickers/heartFix.html