From: Ken Cole (kcole@chapav.com.au)
Date: Thu May 10 2001 - 16:14:56 PDT
I have just taken up a new job and the RH5.2 server has ipfwadm rules in
place. I am soon to upgrade to at least 6.2 and PMFirewall as I have
used it previously and like it very much, being a novice when it comes to
this topic.
My question:
In my apache logs I am consistently, daily, finding entries like:
202.107.11.55 - - [10/May/2001:21:21:49 +1000] "GET http://verica.net/cgi-bin/click/click.cgi?gateway=moneycheat HTTP/1.1" 403 257
202.107.11.55 - - [10/May/2001:21:21:50 +1000] "GET http://verica.net/cgi-bin/click/click.cgi?gateway=51web HTTP/1.1" 403 252
202.107.11.55 - - [10/May/2001:21:21:52 +1000] "GET http://verica.net/cgi-bin/click/click.cgi?gateway=21wars HTTP/1.1" 403 253
My "real world" ip address is 139.xxx.xxx.xxx and the only other
internal connections are 192.168.x.x, a couple of subnets.
I think I have access to the proxy covered with a directory command in
the apache configuration.
How can someone from 202.107.11.55 be accessing pages from verica.net
via my proxy and how can I stop it?
Ken Cole
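
Added example, not part of the original post: the logged requests carry a full URL in the request line, which is how a client asks a web server to act as a proxy, and the 403 status shows each one was refused. The Python sketch below picks such requests out of a common-format access log and counts refused versus served ones per client; the 192.168.0.0/16 internal range and the last three sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache common log format: client, ident, user, [time], "request line", status, bytes.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) \S+$'
)
ABSOLUTE_URI = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)  # scheme://... in the request line
INTERNAL = ipaddress.ip_network("192.168.0.0/16")  # assumption: the internal subnets

# First three entries are the ones quoted in the post; the last three are constructed.
SAMPLE_LOG = """\
202.107.11.55 - - [10/May/2001:21:21:49 +1000] "GET http://verica.net/cgi-bin/click/click.cgi?gateway=moneycheat HTTP/1.1" 403 257
202.107.11.55 - - [10/May/2001:21:21:50 +1000] "GET http://verica.net/cgi-bin/click/click.cgi?gateway=51web HTTP/1.1" 403 252
202.107.11.55 - - [10/May/2001:21:21:52 +1000] "GET http://verica.net/cgi-bin/click/click.cgi?gateway=21wars HTTP/1.1" 403 253
192.168.1.20 - - [10/May/2001:21:25:02 +1000] "GET http://example.org/ HTTP/1.0" 200 1043
192.168.1.20 - - [10/May/2001:21:25:05 +1000] "GET /index.html HTTP/1.0" 200 512
203.0.113.9 - - [10/May/2001:21:30:11 +1000] "CONNECT mail.example.net:25 HTTP/1.0" 405 300
"""

def proxy_attempts(log_text):
    """Yield (client, target, status) for requests asking the server to act as a proxy."""
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not a parseable access-log entry
        if m["method"] == "CONNECT" or ABSOLUTE_URI.match(m["target"]):
            yield m["client"], m["target"], int(m["status"])

def summarise(log_text):
    """Count refused vs served proxy requests per client; collect served external clients."""
    counts, exposed = Counter(), set()
    for client, _target, status in proxy_attempts(log_text):
        served = 200 <= status < 400  # 2xx/3xx: the proxy answered the request
        counts[(client, "served" if served else "refused")] += 1
        if served and ipaddress.ip_address(client) not in INTERNAL:
            exposed.add(client)
    return counts, exposed

if __name__ == "__main__":
    counts, exposed = summarise(SAMPLE_LOG)
    for (client, outcome), n in sorted(counts.items()):
        print(f"{client:15} {outcome:8} {n}")
    print("external clients served by the proxy:", sorted(exposed) or "none")
```

An empty "external clients served" result means outside requests are being logged but denied; any address listed there is one the proxy actually answered.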