Remote hosts beginning by "mail"

Forum Moderators: phranque

Message Too Old, No Replies

Remote hosts beginning by "mail"

Remote hosts like "mail.somesite.com"

Marino

8:57 am on Feb 10, 2005 (gmt 0)

Hello,

My site is accessed by spammer which remote hosts are like : mail.somesite.com

Her's a line of my log file :

mail.somesite.com - - [07/Feb/2005:09:15:11 -0500] "GET / HTTP/1.1" 301 333 "http://porn-*****.us" "Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0)" 0

But each time, somesite.com seems to be clean. So are spammers abusing some mail facility on someone's site or what?

jdMorgan

4:26 pm on Feb 10, 2005 (gmt 0)

Looks like somesite.com may be an open proxy, and the site in the referrrer is using the open proxy to log-spam you.

You can check by entering something like [mail.somesite.com...] into your browser address bar. If this works, then somesite.com is functioning an open proxy, (and you might want to let them know about it).

If it doesn't work, that's not guarantee that somesite.com is not an open proxy, but you'll need to use something other than a browser to test further.

On Apache, the open-proxy hole is pretty easy to fix -- you can refer them to the several threads here.

Anyway, it just looks like a log-spammer to me.

Jim

Marino

4:46 pm on Feb 10, 2005 (gmt 0)

Thanks a lot. I guess I'm gonna write some mails to ask to the webmasters of the sites wether if it's the case or not. If I've got some intersting answers, I'll post them here...