Securing Apache Server at port 8080

 
Greenhorn
Posts: 13
Hi - I have a Linux server configured with a major cloud service provider, and I had installed a web app on Tomcat Server and also configured Apache as a proxy at port 8080 for my web site. Just yesterday when I logged into my cloud account, I found that the total bandwidth in and out is about 90GB, though I had never used this many GB. When I inquired with the cloud support folks, they told me the below:

It looks like you have port 8080 open as an http proxy. Someone probably found that and has been using that.

What does this mean? How can someone else use my Apache server's port 8080 for their purpose? How can I prevent this? I have stopped my server at this point to avoid further misuse.

Please suggest.

Thanks, Deepna
 
Ranch Hand
Posts: 99
Hello Deep, why are you using Apache as a proxy?

A proxy can be used to tunnel network traffic through your server, which explains the bandwidth problem.
You most likely have a basic insecure proxy server configured that is being connected to by anonymous users.


Cheers,
Philip
 
Saloon Keeper
Posts: 27764
Google for "Open Proxy".

Internet abusers will exploit an insufficiently-secure proxy server in a number of ways. One of them is to hide their origins while spamming. You can see this in the Apache access logs because there will be a lot of URLs for foreign domain names, usually ending with ":25", which is the Well Known Port ID of the SMTP mail protocol.
 
Deep Nair
Greenhorn
Posts: 13
Philip - I used a proxy so that later on I can turn this proxy into a firewall proxy, but in my initial setup I made the mistake of not making it secure.
Tim - yes, I need to check the logs in Apache. I understand the default path is

Thanks,
Deepna
 
Tim Holloway
Saloon Keeper
Posts: 27764
Look at access_log, instead. Unfortunately, if someone is successfully using you as a spam relay, it won't be an "error".
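
The access_log check described in the two replies above, as an added example that is not code from the thread: it flags request lines in proxy form (`CONNECT host:port` or an absolute URL) aimed at hosts other than your own and separates relayed requests from refused ones. The `OWN_HOSTS` names, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hostnames this server legitimately serves; replace with your own.
OWN_HOSTS = {"www.example.org", "example.org"}

# Apache common/combined format: client ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
                     r'(?P<status>\d{3}) (?P<size>\d+|-)')

def proxied_target(method, target):
    """Return (host, port) for a forward-proxy request line, else None."""
    if method == "CONNECT":                       # CONNECT host:port
        host, _, port = target.rpartition(":")
        return (host.lower(), int(port)) if host and port.isdigit() else None
    if "://" not in target:                       # origin-form "/path": normal request
        return None
    url = urlsplit(target)                        # absolute-form "http://host:port/..."
    try:
        port = url.port or (443 if url.scheme == "https" else 80)
    except ValueError:                            # malformed port in the URL
        return None
    return (url.hostname.lower(), port) if url.hostname else None

def find_proxy_use(lines, own_hosts=OWN_HOSTS):
    """Summarise proxy requests for hosts that are not ours."""
    report = {"clients": Counter(), "ports": Counter(), "bytes": 0, "refused": 0}
    for line in lines:
        m = LINE_RE.match(line)
        hit = proxied_target(m["method"], m["target"]) if m else None
        if hit is None or hit[0] in own_hosts:
            continue
        if int(m["status"]) >= 400:               # the proxy refused this request
            report["refused"] += 1
            continue
        report["clients"][m["client"]] += 1       # relayed: logged as a success
        report["ports"][hit[1]] += 1
        report["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return report

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2014:04:11:02 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 200 5120 "-" "-"',
    '203.0.113.7 - - [10/Mar/2014:04:11:05 +0000] "GET http://mx.example.com:25/ HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.23 - - [10/Mar/2014:04:12:40 +0000] "GET http://video.example.net/big.bin HTTP/1.1" 200 1048576 "-" "-"',
    '192.0.2.10 - - [10/Mar/2014:04:13:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Mar/2014:04:14:09 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 403 199 "-" "-"',
]
```

Run `find_proxy_use()` over the lines of your own access_log; a non-empty `clients` counter means the server relayed traffic for outside hosts, and after the proxy is locked down the same requests should show up only under `refused`.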
 
Deep Nair
Greenhorn
Posts: 13
Tim, I had configured my proxy as below, i.e. with ProxyRequests On, which in one way makes my Apache proxy a forward proxy. Also, I had an "Allow from all", so everyone had access to hit and use this as a "Forward Proxy".


Now to fix the issue - will the below two steps suffice, i.e.
-- Convert the forward proxy to a reverse proxy, i.e. by setting ProxyRequests to Off
-- Set up Allow from a particular URL name
The code will look similar to below


Will this work to make the server secure?

Thanks,
Deepna
 