Access Log : Meaning of "CONNECT smtp.mail.yahoo.com:25 HTTP/1.0" 400
posted 3 years ago
Can anyone please explain the meaning of the line "CONNECT smtp.mail.yahoo.com:25 HTTP/1.0" 400 in my Tomcat Access Log file? I have not configured any mailing programs. Please let know if this is a security threat.
It's an attempt to leverage your tomcat server into being a spam proxy.
I don't think that in the normal course of events that you have anything to worry about as far as Tomcat goes. If you are fronting Tomcat with a stock webserver with proxying abilities such as Apache httpd, you should verify that you haven't accidentally set up reverse proxying that would allow Apache to be exploited.
I get dozens of these slimy mis-requests every day. Bastards.
An IDE is no substitute for an Intelligent Developer.