[users@httpd] Connection attempts - mod_proxy

Tue, 29 Jun 2010 13:53:44 -0700 

Hello list
Using CentOS 5.4 version of apache httpd-2.2.3-31.el5. I have several virtualhost and one of the virtualhost, use mod_proxy to serve a web site I have running on Windows 2003, this server is not available online, it is an internal server. 


Reviewing the messages I found Logwatch who have tried to use my server 
through the same mod_proxy to connect to other servers or sites.


Connection attempts using mod_proxy:

   95.25.10.121 -> 205.188.251.11:443: 1 Time(s)
   95.25.10.121 -> 205.188.251.16:443: 1 Time(s)
   95.25.10.121 -> 205.188.251.21:443: 1 Time(s)
   95.25.10.121 -> 205.188.251.26:443: 1 Time(s)
   95.25.10.121 -> 205.188.251.31:443: 1 Time(s)
   95.25.10.121 -> 205.188.251.36:443: 1 Time(s)
   95.25.10.121 -> 64.12.202.116:443: 1 Time(s)
   95.25.10.121 -> 64.12.202.43:443: 1 Time(s)
   95.25.10.121 -> 64.12.202.50:443: 1 Time(s)
   95.25.45.157 -> 205.188.251.11:443: 2 Time(s)
   95.25.45.157 -> 205.188.251.16:443: 2 Time(s)
   95.25.45.157 -> 205.188.251.1:443: 2 Time(s)
   95.25.45.157 -> 205.188.251.21:443: 2 Time(s)
   95.25.45.157 -> 205.188.251.26:443: 2 Time(s)
   95.25.45.157 -> 205.188.251.31:443: 2 Time(s)
   95.25.45.157 -> 205.188.251.36:443: 2 Time(s)
   95.25.45.157 -> 205.188.251.6:443: 2 Time(s)
   95.25.45.157 -> 64.12.202.116:443: 3 Time(s)
   95.25.45.157 -> 64.12.202.15:443: 2 Time(s)
   95.25.45.157 -> 64.12.202.1:443: 2 Time(s)
   95.25.45.157 -> 64.12.202.22:443: 2 Time(s)
   95.25.45.157 -> 64.12.202.29:443: 2 Time(s)
   95.25.45.157 -> 64.12.202.36:443: 2 Time(s)
   95.25.45.157 -> 64.12.202.43:443: 3 Time(s)
   95.25.45.157 -> 64.12.202.50:443: 3 Time(s)
   95.25.45.157 -> 64.12.202.8:443: 2 Time(s)
   95.26.235.217 -> 205.188.251.11:443: 2 Time(s)
   95.26.235.217 -> 205.188.251.16:443: 2 Time(s)
   95.26.235.217 -> 205.188.251.1:443: 2 Time(s)
   95.26.235.217 -> 205.188.251.21:443: 2 Time(s)
   95.26.235.217 -> 205.188.251.26:443: 2 Time(s)
   95.26.235.217 -> 205.188.251.31:443: 2 Time(s)
   95.26.235.217 -> 205.188.251.36:443: 1 Time(s)
   95.26.235.217 -> 205.188.251.6:443: 2 Time(s)
   95.26.235.217 -> 64.12.202.116:443: 1 Time(s)
   95.26.235.217 -> 64.12.202.15:443: 2 Time(s)
   95.26.235.217 -> 64.12.202.1:443: 2 Time(s)
   95.26.235.217 -> 64.12.202.22:443: 2 Time(s)
   95.26.235.217 -> 64.12.202.29:443: 2 Time(s)
   95.26.235.217 -> 64.12.202.36:443: 2 Time(s)
   95.26.235.217 -> 64.12.202.43:443: 1 Time(s)
   95.26.235.217 -> 64.12.202.50:443: 1 Time(s)
   95.26.235.217 -> 64.12.202.8:443: 2 Time(s)



the question is, should I be alarmed, because I fail to interpret if 
they could use mod_proxy to connect to these sites?



There a tool that runs under Linux that allows audit any activity or 
attempted attack on my apache server?


Thanks & Regards






















					Reply via email to