Re: Try to hack ?
Michelle Konzack writes:
sinc 2004-06-14 I have following entries in my BOA-Log:
buffer overrun - read.c, read_header - closing
Could be somebody trying to exploit a recently discovered Apache header
vulnerability. For instance: http://www.guninski.com/httpd1.html
malformed request: "CONNECT 188.8.131.52:802 HTTP/1.0"
That's a common one I see too -- people trying to use a HTTP server as a
proxy to surf other sites or use your web server to relay spam. Not having
a proxy or clamping down with ACLs are your protection. Presumably, BOA
logged it as a malformed request because it doesn't support "CONNECT" http