When I was reading my mail server's log a few days ago, I found someone had tried to communicate with my SMTP server via HTTP. Kind of amusing, huh? Who in his right mind would do that?
The data sent to my server was something like the following:
CONNECT /var/www/index.html HTTP/1.1
Host: xxx.xx.x.xxx:25
X-Forwarded-For: yy.yyy.y.yy
X-Forwarded-Server: zzzz.com
Connection: Keep-Alive
I am not familiar with HTTP protocol, but after googling for "X-Forwarded-For" and "X-Forwarded-Server", I guessed this was a case of open proxy abuse. The 2 "X-Forwarded" headers were added by the proxy server during connection forwarding. I have already notified a service provider where 2 suspected open proxies resided. I would know whether my guess is correct if they ever reply to me.
No comments:
Post a Comment