
Mandrake 9.2 and Apache Open Proxy Bug

March 6th, 2009

The standard Apache config of this Linux version can cause serious trouble.

The problem:
Linux Mandrake 9.2 uses Apache 2.0.47 by default, but take a careful look at your Apache config files: the server is set up by default with an open proxy port, so your box could be “hijacked” by spammers, who use your machine as their own proxy server.

More info about mod_proxy: http://httpd.apache.org/docs-2.0/mod/mod_proxy.html

I noticed the hijacking of my system because the network performance was suddenly very poor, and the Apache HTTP log showed thousands of lines of “GET” and “CONNECT” requests to foreign domains (mostly porn sites). This resulted in a massive overload on the server.

Check the open proxy server
To check whether your box really acts as an open proxy server, connect to it via telnet and try a “GET” request to another address.

 telnet www.yourserver.com 80
 GET http://www.google.com

If the request returns the source code of www.google.com, your server acts as an open proxy!

Solution:

In Mandrake 9.2, the proxy configuration can be found in /etc/httpd/conf.d/30_mod_proxy.conf. Compare your settings with the following ones, and your server will lock out the bad guys.

--------------------------------------

LoadModule proxy_module  modules/mod_proxy.so
# LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
ProxyRequests Off
#
<Proxy *>
   Order deny,allow
   Deny from all
   Allow from 127.0.0.1
</Proxy>

#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia Off
# End of proxy directives.
---------------------------------------

If your server has already been hijacked and its address shows up in spammer lists, the requests will not stop immediately; this will take a few days (up to two weeks).

In my case, everything worked fine after 4 days.
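
To follow the “GET” and “CONNECT” requests described above while they tail off, the access log can be filtered for proxy-style request lines. The script below is an added example, not part of the original post; it assumes the Apache common/combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Common/combined log format: client ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

def proxy_attempts(lines, own_hosts):
    """Yield (client, method, foreign_host, status) for proxy-style requests."""
    own = {h.lower() for h in own_hosts}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        method, target = m["method"], m["target"]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0].lower()   # authority form: host:port
        elif "://" in target:
            host = (urlsplit(target).hostname or "").lower()  # absolute-URI form
        else:
            continue  # origin form ("/index.html") is an ordinary request
        if host and host not in own:
            yield m["client"], method, host, int(m["status"])

def summarize(lines, own_hosts):
    """Count proxy-style requests per (method, status) and per foreign host."""
    by_status, by_host = Counter(), Counter()
    for _client, method, host, status in proxy_attempts(lines, own_hosts):
        by_status[(method, status)] += 1
        by_host[host] += 1
    return by_status, by_host

SAMPLE_LOG = [  # constructed lines, not taken from the author's server
    '192.0.2.10 - - [06/Mar/2009:10:00:01 +0100] "GET http://www.example.org/ads?id=1 HTTP/1.0" 200 5120',
    '192.0.2.10 - - [06/Mar/2009:10:00:02 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 200 0',
    '198.51.100.7 - - [06/Mar/2009:10:00:03 +0100] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [06/Mar/2009:10:00:04 +0100] "GET http://www.yourserver.com/ HTTP/1.1" 200 2048',
    '192.0.2.44 - - [10/Mar/2009:09:30:00 +0100] "GET http://www.example.org/ HTTP/1.0" 403 290',
]

if __name__ == "__main__":
    statuses, hosts = summarize(SAMPLE_LOG, ["www.yourserver.com"])
    # A 2xx on an absolute-URI GET is not by itself proof of relaying: with
    # ProxyRequests Off, Apache may answer with its own local page, so compare
    # the byte count against your own pages as well.
    print(dict(statuses), hosts.most_common(5))
```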
