You are not logged in.
- Topics: Active | Unanswered
#1 2010-02-14 06:45:30
- codemon
- Member
- From: India
- Registered: 2009-12-08
- Posts: 12
- Website
Strange entries in lighttpd access log -- help!
Hi,
I run a lighttpd server at home. I just use it for working with some scripts, and sharing stuff with my friends. I have a dynamic IP address, so I use dyndns for getting a hostname.
Today I noticed some strange entries in the lighttpd access log:
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:11:38:23 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:11:38:25 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:11:45:40 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:11:45:43 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:11:52:58 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:11:53:01 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:12:00:12 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:12:00:15 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:12:07:28 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:12:07:30 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"What is going on here? Some kind of spambot? Note that I don't have the sendmail service installed, and port 25 is not forwarded on my router. Is this a threat and how do I deal with this?
Thanks.
Offline
#2 2010-02-14 19:44:08
- loafer
- Member
- From: the pub
- Registered: 2009-04-14
- Posts: 1,772
Re: Strange entries in lighttpd access log -- help!
I don't know a great deal about this. However, if you google for "lti-mail01.ltinetworks.com" you'll get a load of hits, which indicate there may be a problem.
All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.
Offline
#3 2010-02-15 05:37:29
- codemon
- Member
- From: India
- Registered: 2009-12-08
- Posts: 12
- Website
Re: Strange entries in lighttpd access log -- help!
I don't know a great deal about this. However, if you google for "lti-mail01.ltinetworks.com" you'll get a load of hits, which indicate there may be a problem.
Yes, I did some more searching and apparently its a known problem.
This thing is trying to send a POST action to another site. Is there any way I can restrict POST actions to my own domain?
Offline