  1. #1
    SitePoint Member
    Join Date
    Mar 2004
    Location
    Bruxelles
    Posts
    2

    Apache http server used as a proxy (hacked)

    Hi!
    I'm new to Apache HTTP server configuration; a week ago I installed my first one! But yesterday my connection was overloaded, and I figured out that my HTTP server was being used as a proxy by hackers. The access.log file is filled with thousands of accesses to external sites, and it was growing second by second. There is a short access.log example in the attachment.
    I guess it's a matter of configuration. Can anybody help?

    Thanks in advance !
    (Excuse my poor English)

  2. #2
    Rabble Rouser bronze trophy
    Join Date
    Jan 2003
    Location
    Mountain View, CA
    Posts
    427
    I haven't looked at the access log yet, but do you have mod_proxy loaded in your httpd.conf?

  3. #3
    SitePoint Member
    Join Date
    Mar 2004
    Location
    Bruxelles
    Posts
    2
    Quote Originally Posted by Paul_C
    I haven't looked at the access log yet, but do you have mod_proxy loaded in your httpd.conf?
    All proxy module lines are commented out ...


    #LoadModule proxy_module modules/mod_proxy.so
    #LoadModule proxy_connect_module modules/mod_proxy_connect.so
    #LoadModule proxy_http_module modules/mod_proxy_http.so
    #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so

  4. #4
    SitePoint Addict
    Join Date
    Nov 2001
    Posts
    213
    It looks like you have some proxy configuration in httpd.conf. Before fixing that you can sniff the traffic and grab some usernames and passwords that the proxy thieves are using. Take this part of the log for example:

    "GET http://members.publicamateurs.com/ HTTP/1.0"

    If you were sniffing the traffic and saving it somewhere, you could snag his porn password. You must realize that while you think you're the victim, you are really in control since it's your server. You can trace back their IPs and report the activity to their ISP, you can monitor their traffic, and you can cut them off anytime.

    This might be an interesting time to try a port scanner on some of these people.
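
An added example, not part of any post in this thread: a triage script for the kind of access.log described above. It picks out requests that name a foreign host (absolute-form `GET http://...` or `CONNECT host:port`) and separates refused attempts from ones that returned content. Assumptions: Common/Combined Log Format, the hypothetical local hostname `myserver.example`, constructed sample lines, and a size heuristic based on the fact that Apache without mod_proxy answers such requests with its own local page, so a 2xx status alone does not prove relaying.

```python
import re
from collections import Counter

# Common Log Format prefix: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) (\S+)')
ABS_URI = re.compile(r'^[a-z][a-z0-9+.-]*://([^/:\s]+)', re.I)

def proxy_attempt(line, local_hosts):
    """Return (client, host, status, size) if the request names a foreign host, else None."""
    m = CLF.match(line)
    if not m:
        return None
    client, request, status, size = m.groups()
    parts = request.split()
    if len(parts) < 2:
        return None
    if parts[0].upper() == "CONNECT":        # tunnel request: "CONNECT host:port"
        host = parts[1].rsplit(":", 1)[0]
    else:
        uri = ABS_URI.match(parts[1])        # absolute-form: "GET http://host/path"
        if not uri:
            return None                      # ordinary "GET /path" request
        host = uri.group(1)
    if host.lower() in local_hosts:
        return None
    return client, host.lower(), int(status), 0 if size == "-" else int(size)

def summarize(lines, local_hosts, local_index_size=None):
    """Count attempts per client and sort them into heuristic verdicts."""
    clients, verdicts = Counter(), Counter()
    for line in lines:
        hit = proxy_attempt(line, local_hosts)
        if hit is None:
            continue
        client, _host, status, size = hit
        clients[client] += 1
        if status >= 400:
            verdicts["refused"] += 1
        elif size == local_index_size:
            verdicts["local_page"] += 1      # same size as our own page: probably not relayed
        else:
            verdicts["possibly_relayed"] += 1
    return clients, verdicts

SAMPLE = [  # constructed log lines, documentation-range addresses
    '192.0.2.10 - - [10/Mar/2004:10:00:01 +0100] "GET http://www.example.net/ HTTP/1.0" 200 5120',
    '192.0.2.10 - - [10/Mar/2004:10:00:02 +0100] "GET http://www.example.net/login HTTP/1.0" 404 210',
    '198.51.100.7 - - [10/Mar/2004:10:00:03 +0100] "CONNECT mail.example.org:25 HTTP/1.0" 405 300',
    '203.0.113.5 - - [10/Mar/2004:10:00:04 +0100] "GET /index.html HTTP/1.1" 200 1456',
    '198.51.100.7 - - [10/Mar/2004:10:00:05 +0100] "GET http://www.example.net/ HTTP/1.0" 200 1456',
    '203.0.113.5 - - [10/Mar/2004:10:00:06 +0100] "GET http://myserver.example/ HTTP/1.1" 200 1456',
]
```

Call `summarize(SAMPLE, {"myserver.example"}, local_index_size=1456)`; any `possibly_relayed` count above zero means the configuration should be checked for proxy directives before the listed clients are blocked.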

