Hi - I have a Linux server configured with a major cloud service provider, and I had installed a web app on Tomcat Server and also configured Apache as a proxy at port 8080 for my web site. Just yesterday when I logged into my cloud account, I found that the total bandwidth in and out is about 90GB though I had never used this much GB. When I inquired with the cloud support folks, they told me the below:
It looks like you have port 8080 open as an HTTP proxy. Someone probably found that and has been using that.
What does this mean? How can someone else use my Apache server's port 8080 for their purpose? How can I prevent this? I have stopped my server at this point to avoid further misuse.
A proxy can be used to tunnel network traffic through your server, which explains the bandwidth problem.
You most likely have a basic insecure proxy server configured that is being connected to by anonymous users.
Internet abusers will exploit an insufficiently-secure proxy server in a number of ways. One of them is to hide their origins while spamming. You can see this in the Apache access logs because there will be a lot of URLs for foreign domain names, usually ending with ":25", which is the Well Known Port ID of the SMTP mail protocol.
An IDE is no substitute for an Intelligent Developer.
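The access-log check described in the reply above, as an added example that is not part of the original thread: it flags requests that used the server as a forward proxy (CONNECT tunnels and absolute-URI requests for foreign hosts) and totals the bytes served for them. The `OWN_HOSTS` value, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the site's own hostnames; any other host in a request target is foreign.
OWN_HOSTS = {"www.example.org"}
# Apache common/combined log prefix: client ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)')

def proxied_target(method, target):
    """Return (host, port) if the request asked the server to act as a forward proxy."""
    if method == "CONNECT":                      # e.g. CONNECT mail.example.net:25
        host, _, port = target.rpartition(":")
        return (host.lower(), int(port)) if host and port.isdigit() else None
    if "://" in target:                          # e.g. GET http://other.example.com/
        try:
            url = urlsplit(target)
            port = url.port
        except ValueError:                       # malformed target: not classifiable
            return None
        host = (url.hostname or "").lower()
        if host and host not in OWN_HOSTS:
            return (host, port or (443 if url.scheme == "https" else 80))
    return None                                  # origin-form path: ordinary request

def summarize(lines):
    """Count proxied requests per (host, port); sum bytes of those answered with 2xx."""
    hits, sent = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        dest = proxied_target(m["method"], m["target"]) if m else None
        if dest is None:
            continue
        hits[dest] += 1
        if m["status"].startswith("2") and m["bytes"] != "-":
            sent += int(m["bytes"])              # 2xx means the proxy actually served it
    return hits, sent

# Constructed sample lines (documentation addresses and example domains).
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2012:03:14:07 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 200 5120',
    '203.0.113.9 - - [10/Jan/2012:03:15:00 +0000] "GET http://other.example.com/page HTTP/1.1" 200 20480',
    '192.0.2.44 - - [10/Jan/2012:03:16:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 1500',
    '192.0.2.44 - - [10/Jan/2012:03:16:05 +0000] "GET http://www.example.org/app/ HTTP/1.1" 200 900',
    '203.0.113.9 - - [10/Jan/2012:03:17:00 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 403 -',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A proxied request that still shows a 2xx status after the configuration is tightened means the proxy is still serving outsiders; rejected attempts will keep appearing with 403 for some time.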
Philip - I used a proxy so that later on I can turn this proxy into a firewall proxy, but in my initial setup I made the mistake of not making it secure.
Tim - yes, I need to check the logs in Apache, I understand the default path is
Look at access_log, instead. Unfortunately, if someone is successfully using you as a spam relay, it won't be an "error".
Tim, I had configured my proxy as below, i.e. with ProxyRequests On, which in one way makes my Apache proxy a forward proxy. Also, I had an "Allow from all", so everyone had access to hit and use this as a "Forward Proxy".
Now to fix the issue - will the below two steps suffice, i.e.
-- Convert the forward proxy to a reverse proxy, i.e. by setting ProxyRequests to Off
-- Set up Allow from a particular URL name
The code will look similar to below