[WEB4LIB] Web server spoofing

Charles F. Bearden cbearden at ruf.rice.edu
Thu Oct 15 02:34:20 EDT 1998


On Wed, 14 Oct 1998, Bob Rasmussen wrote:

> I am investigating strange entries in our web server's access log, in which
> our server is being told to GET a cgi on a porno site (nakedgirls.com). I
> suspect that the porno site has a long list of other companies' web servers,
> which are used at random, perhaps to a) shove the traffic load off onto other
> (unsuspecting) sites, and/or b) to sidestep filtering software. My questions:
> 
> 1. Has anyone else noticed this?
> 
> 2. Are my guesses right about what they're trying to accomplish?
> 
> 3. Am I being damaged by this?
> 
> 4. How can I prevent it (my web server is Apache)?
> 
> Regards,
> ...Bob Rasmussen,   President,   Rasmussen Software, Inc.

The only reason I can think of why GET requests for another server should
appear in your access logs is that the requester has configured their 
browser to use your server as a proxy (Apache does proxying).  My 
guess is that someone is trying to launder their IP through your web 
server when using this site.

What is the status code in the logs for the odd requests?  If it is "200",
then it looks like your server is acting as a proxy.  If it is "403",
then your server isn't configured to handle proxy requests, so they
are being refused.  

You might want to look through the conf files of your server for lines
reading
  ProxyRequests On
Be sure to check VirtualHost sections as well.  If you find this 
directive, you can disable proxying by changing "On" to "Off" and 
restarting the server.

Of course, with the creative application of Apache's mod_rewrite 
rules, you could have some laughs with the furtive proxyer.

Chuck
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Chuck Bearden                                   cbearden at rice.edu
Electronic Resources Librarian    
Fondren Library--MS44                        713 / 527-8101 x3634
Rice University                              713 / 737-5859 (fax)
P.O. Box 1892
Houston, TX 77251-1892
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::



More information about the Web4lib mailing list