I'm new to apache http server configuration, a week ago I installed my first one! But yesterday, my connection was overloaded and I figured out that my http server was used as a proxy by hackers. The access.log file is filled up by thousand access to exterior sites and it was groing up seconds by seconds. There is a short access.log example in attachement.
I gess it's a matter of configuarion. Can anybody help ?
It looks like you have some proxy configuration in httpd.conf. Before fixing that you can sniff the traffic and grab some usernames and passwords that the proxy thieves are using. Take this part of the log for example:
If you were sniffing the traffic and saving it somewhere you could snag his porn password You must realize that while you think you're the victim, you are really in control since it's your server. You can trace back their IPs and report the activity to their ISP, you can monitor their traffic and you can cut them off anytime.
This might be an interesting time to try a port scanner on some of these people.