Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange CONNECT entries in apache logs

From: Thomas Jensen <securityfocus () obscure dk>
Date: Wed, 11 Jun 2003 09:53:17 +0200
Rajkumar S wrote:

Hi,
While going through my apache logs, I found some logs indicating CONNECT requests to port 25 of other hosts.
213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25 HTTP/1.1" 302 5 "-" "-" 130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25 HTTP/1.0" 200 14409 "-" "-" 130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25 HTTP/1.0" 200 17757 "-" "-" 

I just looked in my logs and found the same (CONNECT with a 200 code).
However it might not be the problem it seems to be. I tried connecting with telnet and execute a CONNECT command - the result was a 200 code and the output of my own /index.php page. I have found several references to this being a PHP4 bug, which can happen when you have an index.php file and a DirectoryIndex index.php directive in you Apache conf. 

Best regards
Thomas Jensen


----------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: