Re: apache config question - China IP's
On Mon, Feb 20, 2006 at 09:41:42PM -0600, Jacob S wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 20 Feb 2006 16:28:20 -0500
> Kevin Coyner <kevin@rustybear.com> wrote:
> >
> > Now the server I work on is in the IP range 64.34.x.x, and has
> > nothing to do with 1-shops.com. And the client - 221.226.124.109 -
> > that is hitting on my Apache server can be traced back to China.
> >
> > So what is this? They are not requesting pages that exist on my
> > server, but pages on other domains. My server gives the proper
> > error code back - 404.
> >
> > I normally wouldn't worry about this, but in the last month these
> > types of entries have increased dramatically, with most of them
> > originating from IP's in China.
>
> They're looking for open proxies. People that are lazy in
> loading/configuring mod_proxy in apache can easily turn a webserver
> into an open proxy. So they scan for one, similar to the way we've all
> seen attempts at finding open smtp gateways or easily crackable ssh
> passwords.
They might be looking for open proxies so as to access websites that the
Chinese government has banned. If so, it's up to you do decide whether
you will aid them or hinder them in this.
-- hendrik
Reply to: