Let me preface this by saying that I'm not a Linux guru, or even really an administrator, but because of various shufflings of staff, reorgs and resignations, I'm now responsible for the web server, at least for the time being.
This is running some version of Linux and Apache, but I don't know what versions, or how to get the versions. The potential problem I've discovered is that in the log files, we are seeing GET requests for completely external websites. Why would this be? Here is a sample of what our logs look like:
I don't have 5 posts so it won't let me post the log. I'll try to post it below!
Note that none of those sites are ones that we are supposed to be serving up. Are we being used as a proxy server? What can we do to block this, if it is in fact a problem?
Various scripts/worms are testing your Apache setup to see if it is vulnerable enough for them to use your server to hide their attacks on other servers. The "404" (i.e., the status code) that you see on each line (after the "HTTP/1.0") shows that your Apache setup denied the script access.
It's the same concept as leaving ssh bound to port 22 - if you check the logs you can see multiple attempts from various IP ranges trying to gain root access, or even trying to log in with bogus user names like 'suzie'.
Most all Apache requests use either "GET" or "POST" so that is not unusual. Hopefully there has been some Server hardening done though, because when (not if) you get a probe that finds an insecure Form script or something else vulnerable, they are going to use a "GET" and insert their script on your Server.
Could be their script will be used to send Spam from your Server, so you'll take the heat for any backlash, or could be their script will 'root' your Server. Then you're looking at an OS reinstall and downtime for the Server -- not good.
Be pro-active and verify that somebody has done something to beef up Server security, else have it done ASAP.
First of all, thanks for making me look like the bad guy -.- lol. Second of all, I think rack911 can do a good amount of hardening for not too high of a price. I think they do Apache hardening, but don't quote me.
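For the status-code check described in the replies above, here is an added example (not posted by anyone in the thread) that separates refused proxy-style requests from ones the server answered with a 2xx/3xx. It assumes Apache's common/combined log format; the sample lines, IP addresses and domains are constructed.

```python
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# A normal request targets a local path ("/index.html"); a proxy-style
# request carries a full URL ("http://other.site/") or uses CONNECT.
ABSOLUTE_URL_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def is_proxy_probe(method, target):
    """True for CONNECT, or when the request target is a full URL."""
    return method == "CONNECT" or ABSOLUTE_URL_RE.match(target) is not None


def triage(lines):
    """Return (refused, review).

    refused: Counter of source IP -> proxy-style requests answered 4xx/5xx.
    review:  proxy-style requests answered 2xx/3xx, to be checked by hand.
    """
    refused, review = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_proxy_probe(m["method"], m["target"]):
            continue  # unparsable line or ordinary local request
        if m["status"][0] in "23":
            review.append((m["ip"], m["method"], m["target"], m["status"], m["size"]))
        else:
            refused[m["ip"]] += 1
    return refused, review


# Constructed sample lines (documentation IP ranges, example domains).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2008:13:55:36 -0700] "GET http://www.example.com/ HTTP/1.0" 404 208',
    '198.51.100.7 - - [10/Oct/2008:13:55:37 -0700] "CONNECT mail.example.net:25 HTTP/1.0" 405 226',
    '192.0.2.44 - - [10/Oct/2008:13:56:01 -0700] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.9 - - [10/Oct/2008:13:57:12 -0700] "GET http://www.example.org/ad.js HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Oct/2008:13:58:40 -0700] "POST /contact.php HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    refused, review = triage(SAMPLE_LOG)
    for ip, count in refused.most_common():
        print(f"refused  {ip}  {count} proxy-style request(s)")
    for entry in review:
        print("REVIEW  ", *entry)
```

An entry in the review list is not proof of proxying: Apache with proxying disabled can answer a full-URL request with one of its own local pages, so compare the response size with your own content and check whether `ProxyRequests` is set to `On` in the configuration.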