Hi... I found this in my logfile... It it something to worry about ? 24.172.195.8 - - [20/Nov/2006:17:23:40 +0100] "GET http://www.microsoft.com/ HTTP/1.0" 200 1155 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 24.172.195.8 - - [20/Nov/2006:17:23:40 +0100] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 1155 "-" "-" 24.172.195.8 - - [20/Nov/2006:17:23:43 +0100] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 303 "-" "-" niki
Maybe someone is probing one of your email forms if it can be uses for relaying. Do you have more requests from the IP 24.172.195.8 or onely these three?
Hi.. I have many entrys ! 24.172.195.8 - - [20/Nov/2006:14:10:56 +0100] "GET http://www.microsoft.com/ HTTP/1.0" 200 1155 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 24.172.195.8 - - [20/Nov/2006:14:10:56 +0100] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 1155 "-" "-" 24.172.195.8 - - [20/Nov/2006:14:10:58 +0100] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 303 "-" "-" Niki
If you want you can block that IP address: http://www.howtoforge.com/forums/showthread.php?t=6363&highlight=route+reject
Hi Till Thanks I have blacklisted all the entries that i can find in my logfile... But i still don't know what email script is being used ?
This is difficult to find out if you have many web sites on your server. It can be any guestbook, forum software, CMS, etc. that the spammers try to exploit.
