Anyone ID this request?

from logfile: "CONNECT smtp1.sympatico.ca:25 HTTP/1.0"

         

Slade

7:03 pm on Aug 30, 2002 (gmt 0)

216.209.172.182 - - [30/Aug/2002:13:20:00 -0400] "CONNECT smtp1.sympatico.ca:25 HTTP/1.0" 200 4640 "-" "-"
216.209.123.134 - - [30/Aug/2002:13:20:07 -0400] "CONNECT smtp1.sympatico.ca:25 HTTP/1.0" 200 4640 "-" "-"
206.172.206.236 - - [30/Aug/2002:13:20:18 -0400] "CONNECT smtp1.sympatico.ca:25 HTTP/1.0" 200 4640 "-" "-"

jm_uk

8:36 pm on Aug 30, 2002 (gmt 0)

This request shows someone successfully using your server as a proxy for their SMTP (email sending) activities.

It is likely that this is a spammer trying to mask where they are sending their spam from.

It's simple - they find an HTTP/CONNECT proxy (like your server) through port scanning and then proxy all of their SMTP traffic through your server to cover their tracks.

CERT has issued a vulnerability alert about this. You can find it at [kb.cert.org...]
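
Added example, not part of the original posts: a small log check that groups CONNECT requests by target and separates the clients that received a 2xx answer (the tunnel was opened, as in the lines Slade posted) from those that were refused. It assumes Apache common/combined log format, which the posted lines follow; the function name `connect_report` is hypothetical, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# Apache common/combined log line: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
MAIL_PORTS = {25, 465, 587}  # SMTP and mail submission ports

def connect_report(lines):
    """Group CONNECT requests by target; split clients into tunnelled (2xx) and refused."""
    report = defaultdict(lambda: {"tunnelled": set(), "refused": set(), "mail": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"].upper() != "CONNECT":
            continue  # unparseable line or an ordinary request
        target = m["target"].lower()
        _, _, port = target.rpartition(":")
        entry = report[target]
        entry["mail"] = port.isdigit() and int(port) in MAIL_PORTS
        # A 2xx status means the server opened the tunnel, i.e. it acted as a proxy.
        bucket = "tunnelled" if m["status"].startswith("2") else "refused"
        entry[bucket].add(m["client"])
    return dict(report)

# The first three lines are the ones posted in this thread; the last two are constructed.
SAMPLE = [
    '216.209.172.182 - - [30/Aug/2002:13:20:00 -0400] "CONNECT smtp1.sympatico.ca:25 HTTP/1.0" 200 4640 "-" "-"',
    '216.209.123.134 - - [30/Aug/2002:13:20:07 -0400] "CONNECT smtp1.sympatico.ca:25 HTTP/1.0" 200 4640 "-" "-"',
    '206.172.206.236 - - [30/Aug/2002:13:20:18 -0400] "CONNECT smtp1.sympatico.ca:25 HTTP/1.0" 200 4640 "-" "-"',
    '192.0.2.10 - - [30/Aug/2002:13:20:30 -0400] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    '198.51.100.7 - - [30/Aug/2002:13:21:02 -0400] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"',
]

if __name__ == "__main__":
    for target, entry in sorted(connect_report(SAMPLE).items()):
        state = "OPEN PROXY USE" if entry["tunnelled"] else "refused"
        kind = "mail port" if entry["mail"] else "other port"
        print(f"{target} ({kind}): {state}")
        for client in sorted(entry["tunnelled"]):
            print(f"  tunnelled for {client}")
        for client in sorted(entry["refused"]):
            print(f"  refused {client}")
```

Any client listed as tunnelled got a working connection through the server; once CONNECT is denied, the same requests should show up only in the refused bucket.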