[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apache config question - China IP's


On Mon, Feb 20, 2006 at 09:41:42PM -0600, Jacob S wrote......

> > 221.226.124.109 - - [20/Feb/2006:16:17:10 -0500] "GET
> > http://1-shops.com/prx.php?p=q1w2e3r4t5y6u7i8o9p0*a-b HTTP/1.1"
> > 404 288 "http://www.google.com/intl/en-us/"; "Mozilla/4.0
> > (compatible; MSIE 6.0; Windows NT 5.0; Crazy Browser 1.0.5)"
> > 
> > So what is this?  They are not requesting pages that exist on my
> > server, but pages on other domains.  My server gives the proper
> > error code back - 404.
> 
> They're looking for open proxies. People that are lazy in
> loading/configuring mod_proxy in apache can easily turn a
> webserver into an open proxy. So they scan for one, similar to the
> way we've all seen attempts at finding open smtp gateways or
> easily crackable ssh passwords.


So aside from setting up some iptables 'drop' rules, is there any
other way from keeping this from occuring?  It's messing up my web
stats since these guys are requesting more non-existent pages that I
have real pages on the website.

Thanks
Kevin

-- 
Kevin Coyner  GnuPG key: 1024D/8CE11941  http://rustybear.com/publickey
Reply to: