homepage Welcome to WebmasterWorld Guest from 54.161.214.221
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: Receptional & mademetop

Website Analytics - Tracking and Logging Forum

    
another "CONNECT mailin-03.mx.aol.com" question
this one has a 200 OK status code
nancyb




msg:903954
 7:12 am on Apr 16, 2003 (gmt 0)

I found a strange entry in my logs today

219.93.200.190 - - [13/Apr/2003:22:13:45 -0500] "CONNECT mailin-03.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"

Searched here and found two threads, which said these were attempts to use a proxy to send email. However, the entries reported were all 400 status codes so, no problem.

Next, I went back through my log files for the last month and found several more of these, also 400. But, there were also 5 entries with 200 status codes.

Doesn't the 200 mean someone actually used my account, probably to send spam emails?

 

nancyb




msg:903955
 6:06 pm on Apr 24, 2003 (gmt 0)

I'm bumping this up since it didn't get a response before and I'm still concerned.

In the mean time, my host told me that they tried and couldn't connect through an aol proxy from my domain (I think that's how they worded it).

However, the two entries in my log file show their attempts as 400s. This week I've two more of these which were 200s again. So far this month there have been 8 attempts that were 200 status and 4 that resulted in 400 status.

I asked my hosting service, twice, why the 200s instead of a 400 - if it doesn't work, but they haven't responded directly to that question. So, I'm still wondering why there are 200s and don't 200s mean the attempts worked? Especially since on the two days this week where there were 200s I received bounced back spam emails that I didn't send. I know they could be forged, but this seems suspicious - I think.

Can someone explain this to me or send me somewhere to learn about it. Thanks,

jdMorgan




msg:903956
 6:56 pm on Apr 24, 2003 (gmt 0)

nancyb,

I can't give you an answer, but could you post raw log file examples of the 200 and 400 CONNECTs?

Also, what server are you on?

Jim

nancyb




msg:903957
 7:21 pm on Apr 24, 2003 (gmt 0)

Jim,
4.42.106.253 - - [07/Apr/2003:02:31:36 -0500] "CONNECT mailin-03.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"
12.238.26.161 - - [09/Apr/2003:09:13:35 -0500] "CONNECT mailin-01.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"
64.172.207.37 - - [10/Apr/2003:06:05:03 -0500] "CONNECT mailin-03.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"
218.247.140.35 - - [10/Apr/2003:20:48:25 -0500] "CONNECT mailin-02.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"

219.93.200.190 - - [13/Apr/2003:22:13:45 -0500] "CONNECT mailin-03.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"
216.71.84.197 - - [16/Apr/2003:00:19:54 -0500] "CONNECT www.google.com:80 HTTP/1.0" 400 381 "-" "-"
209.150.149.90 - - [16/Apr/2003:00:22:37 -0500] "CONNECT mailin-03.mx.aol.com:25 HTTP/1.0" 400 382 "-" "-"
216.71.84.19 - - [16/Apr/2003:00:35:10 -0500] "CONNECT mailin-03.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"

213.245.88.56 - - [23/Apr/2003:08:58:50 -0500] "CONNECT mailin-01.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"
216.172.111.19 - - [24/Apr/2003:08:51:22 -0500] "CONNECT mailin-04.mx.aol.com:25 HTTP/1.0" 200 305 "-" "-"

The two with a 400 (April 16) are from host tech support.

Hosting service said 'hosted on a Linux server' and 'this is a windows vunerability so not a worry'. My response "ok, but why a 200?' to which I didn't get an answer.

Thanks for taking a look Jim

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved