Relay - Hacking - WHAT TO DOO ????
I have had uninvited visitors on my server and are desperately trying to close a loophole
My guess is that I have a loophole in my HTTP POST or an installed script from hostile
localhost||||1155||||18.104.22.168 - - [28/Mar/2006:01:08:17 +0200] "POST
localhost||||1155||||http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200
localhost||||1155||||1155 "-" "-"
Above I reads as the webserver have been used for smtp proxy by a loophole meaning that others are able to do HTTP POST towards foreign IP adresses and towards other ports than 80.
How to configure apache 2 only to accept POST from it selves and only port 80 ?
Has anyone experienced anything like ?
Does anyone have any ideas in how to close loophole by editing configuration in order to close in ?
Thank in advance - Please note that I am growing gray hairs, and have a closed connection by provider - Full attention from sirt and facing a policewarning ????