The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

PHP Buzz Forum
mod_proxy as a spammer

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
Alan Knowles

Posts: 390
Nickname: alank
Registered: Sep, 2004

Alan Knowles is Freelance Developer, works on PHP extensions and PEAR.
mod_proxy as a spammer Posted: Sep 22, 2005 8:21 AM
Reply to this message Reply

This post originated from an RSS feed registered with PHP Buzz by Alan Knowles.
Original Post: mod_proxy as a spammer
Feed Title: Smoking toooo much PHP
Feed URL: http://www.akbkhome.com/blog.php/RSS.xml
Feed Description: More than just a blog :) 		Latest PHP Buzz Posts
Latest PHP Buzz Posts by Alan Knowles
Latest Posts From Smoking toooo much PHP

Advertisement
I had a nice phone call today from my ISP, they let me know that my outgoing port 25 had been auto-blocked due to excessive traffic.

Agh, an instant chkrootkit indicated nothing scary, so I started digging into the reasons behind this. I have to say my local ISP Netfront, has world class service. Gary, who I was dealing with, was very co-operative, opened up port 25 so we could track down the problem. To be honest, I was amazed at the service where they actually called me to let me know they where blocking my service. I'm sure there are many a broadband fixed IP user who would envy this kind of service.

After chkrootkit failed to find anything and Gary had opened the port, I ran 
#netstat -n | grep 25
tcp        0      0 myip:33236         someip:25           TIME_WAIT
This indicated a few outgoing connections on port 25, so I asked one of my collegues who thankfully knows linux better than me;) for ideas to track down what process was doing this.
#fuser 33236/tcp
33236/tcp:             25045
This indicated the process id that was causing the connection, and now down to good old ps
#ps auxw | grep 25045
www-data    25045  ......  /usr/sbin/apache2 -k start -DSSL

Agh - Apache was causing port 25 connections. - My first thought was some horrific mistake I made with my PHP code, but a quick look through the apache log files indicated that my suspicions where not quite correct. the apache log file had rather a large number of these.. - from various ip addresses.
210.245.151.81 - - ... "POST http://202.81.252.1:25/ HTTP/1.1" 200 ..
At this point I started to suspect the reverse proxies on my server (especially as I had set it up again recently on another server and had to deal with the default config there)

My debian based install had a file in apache2/mods-available called proxy.conf, which I had not copied to apache2/mods-enabled. I had only copied the proxy.load file.

In this file, was the critical section.
        <Proxy *>
                Order deny,allow
                Deny from all
                #Allow from .your_domain.com
        </Proxy>
This blocks all access to the proxy, So after adding this file, to enable my old reverse proxies,  I had to add sections like this to open a few specific proxies
        <Proxy http://devel/>
                Order allow,deny
                Allow from all
        </Proxy>
The only problem I had was that my php5 server was running on port 81, and this config failed to allow access via the reverse proxy.
      <Proxy http://php5.akbkhome.com:81/>
		#this doesnt work?!!!
                Order allow,deny
                Allow from all
        </Proxy>
Anyway, at least I'm not a spammer anymore..

Read: mod_proxy as a spammer

Topic: PEAR 1.4.0, Stable! Previous Topic   Next Topic Topic: PHP Encapsulation Surprises
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use