[arch-general] My Apache Sever Compromised?
ProgAndy
admin at progandy.de
Wed Apr 9 13:38:37 EDT 2014
Am 09.04.2014 19:32, schrieb Jameson:
> On Tue, Apr 1, 2014 at 9:30 AM, Nowaker <enwukaer at gmail.com> wrote:
>>>> 199.83.93.35 - - [29/Mar/2014:22:04:54 -0400]
>>>> "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151
>>
>>> But the most interesting part is that your apache is replying with "200",
>>> that is OK!
>>
>> Nice catch! It's certainly a proxy.
> Thanks for everyone's help with this. I did in fact have ProxyRequests
> set to On thinking it was needed for reverse proxies as well, and have
> turned it off. Now, when I open up port 80, it looks like they're
> still trying, but I'm replying with 404. Is that what it should be
> doing? I probably also need to make sure I have some throttling setup
> in case this is too much for my Internet connection.
If you know the IP addresses (or address-ranges) you use to connect to
your server, I suggest you block everything else for the time being with
an iptables rule.
More information about the arch-general
mailing list