On Thu, 28 Aug 2003, Eli Marmor wrote:

> According to research companies, most of the current spamming is done
> using HTTP proxies. Spammers assistant scripts scan the net 24 hours a
> day, looking for open proxies, and then use them to spread the spam.

Correct. And people continue to submit this to [EMAIL PROTECTED] as a bug on a fairly regular basis, even though it is due to a misconfiguration on their part. All you have to do is configure mod_proxy correctly, which lots of sites do not. In particular, setting "ProxyRequests on" without proper access controls will create the kind of bad situation that leads to this problem. Most of the time what has happened is that the site admin really only wanted to provide a REVERSE proxy (as with ProxyPass), not a forward one. "ProxyRequests on" is not required for ProxyPass to work.

Someone suggested adding a directive to control which ports the proxy will connect to (note there's already a directive that controls this for CONNECT requests), but since open HTTP proxies are bad for the internet in general (in the anonymous-HTTP-to-third-parties sense as well as the backdoor-to-your-SMTP-server sense), it didn't seem worth it to block _some_ of the bad behavior when fixed configurations would easily block ALL of it -- using already existing directives.

We've been attempting to conduct a bit of user education by way of improved documentation, removed default configurations, and a few posts to bugtraq, but obviously people still have wide open HTTP proxies due to old, broken configurations, and will probably continue to do so for some time to come. :(

--Cliff
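The misconfiguration described in the message above can be checked for mechanically. The following is an added example, not part of the original message or of the Apache project: a heuristic audit of httpd configuration text that flags "ProxyRequests On" when no `<Proxy>` block restricts access. The function name `audit`, the sample configurations and the host names are constructed for illustration; the check does not expand Include files or honour per-VirtualHost scoping, and it recognises both the older `Deny from all` form and the later `Require` form.

```python
import re

# Constructed sample configurations (hypothetical hosts and networks).
OPEN_FORWARD = """ProxyRequests On
ProxyPass /app/ http://backend.example:8080/app/
"""
REVERSE_ONLY = """ProxyRequests Off
ProxyPass /app/ http://backend.example:8080/app/
ProxyPassReverse /app/ http://backend.example:8080/app/
"""
RESTRICTED_FORWARD = """ProxyRequests On
<Proxy "*">
    Require ip 192.0.2.0/24
</Proxy>
"""

def audit(conf):
    """Return findings for one httpd config text (heuristic: no Include
    expansion, no VirtualHost scoping; the last ProxyRequests line wins)."""
    forward_on = False      # forward proxying enabled
    in_proxy = False        # currently inside a <Proxy ...> block
    restricted = False      # some <Proxy> block limits who may use the proxy
    has_proxypass = False   # a reverse-proxy mapping exists
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        if re.match(r"<proxy[\s>]", low):
            in_proxy = True
        elif low.startswith("</proxy>"):
            in_proxy = False
        elif re.match(r"proxyrequests\s+(on|off)\b", low):
            forward_on = low.split()[1] == "on"
        elif re.match(r"proxypass\s", low):
            has_proxypass = True
        elif in_proxy and (
            re.match(r"deny\s+from\s+all\b", low)
            or (re.match(r"require\s", low)
                and not re.match(r"require\s+all\s+granted\b", low))
        ):
            restricted = True
    findings = []
    if forward_on and not restricted:
        findings.append("open forward proxy: ProxyRequests On without a "
                        "restricting <Proxy> access control")
        if has_proxypass:
            findings.append("ProxyPass present: a reverse proxy does not "
                            "need ProxyRequests On")
    return findings
```
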
