[arch-general] My Apache Server Compromised?

Bardur Arantsson spam at scientician.net
Thu Apr 10 07:14:26 EDT 2014


On 2014-04-09 19:32, Jameson wrote:
> On Tue, Apr 1, 2014 at 9:30 AM, Nowaker <enwukaer at gmail.com> wrote:
>>
>>>> 199.83.93.35 - - [29/Mar/2014:22:04:54 -0400]
>>>> "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151
>>
>>
>>> But the most interesting part is that your apache is replying with "200",
>>> that is OK!
>>
>>
>> Nice catch! It's certainly a proxy.
> 
> Thanks for everyone's help with this. I did in fact have ProxyRequests
> set to On thinking it was needed for reverse proxies as well, and have
> turned it off. Now, when I open up port 80, it looks like they're
> still trying, but I'm replying with 404. Is that what it should be
> doing? I probably also need to make sure I have some throttling set up
> in case this is too much for my Internet connection.
> 

One approach I've seen mentioned and which seemed fun, but -- I hasten
to add -- have never personally tried is to start returning shock site
images for all such requests (obviously not for all 404s, just attempts
at abusing you as a proxy).

Regards,
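
An added example, not part of the original thread: a small scanner for the kind of access-log line quoted above, which flags requests whose target is an absolute URI or a CONNECT (the forward-proxy request shape) and records whether the server answered or refused them. The `OWN_HOSTS` set and every sample line except the first are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) \S+'
)

def proxy_attempt(line, own_hosts=frozenset()):
    """Return a finding for a forward-proxy style request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    if target.startswith("/") or target == "*":
        return None                              # ordinary origin-form request
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]          # CONNECT targets are host:port
    elif "://" in target:
        host = urlsplit(target).hostname or ""   # absolute-form request target
    else:
        return None
    host = host.lower()
    if host in own_hosts:
        return None   # an absolute URI naming this server is valid HTTP/1.1
    status = int(m["status"])
    # 2xx/3xx means the request was answered rather than refused; with
    # ProxyRequests On that is a relayed request and needs attention.
    return {"client": m["client"], "method": method, "host": host,
            "status": status, "answered": 200 <= status < 400}

def scan(lines, own_hosts=frozenset()):
    """Collect findings for every proxy-style request in the given log lines."""
    return [f for f in (proxy_attempt(l, own_hosts) for l in lines) if f]

OWN_HOSTS = frozenset({"www.example.net"})       # assumed name of this server
SAMPLE = [
    # First line is the one quoted in the thread; the rest are constructed.
    '199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151',
    '203.0.113.7 - - [10/Apr/2014:06:01:12 -0400] "GET http://example.org/pixel.png HTTP/1.0" 404 207',
    '198.51.100.20 - - [10/Apr/2014:06:02:40 -0400] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.7 - - [10/Apr/2014:06:03:05 -0400] "CONNECT example.org:443 HTTP/1.1" 405 226',
    '198.51.100.20 - - [10/Apr/2014:06:04:00 -0400] "GET http://www.example.net/about HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE, OWN_HOSTS):
        print(finding)
```

Findings with `answered` set to true are the ones to check against the proxy configuration; refused attempts (4xx) are useful mainly for counting per-client volume when deciding on throttling.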



