Hi-- I have a few entries in my Apache access_log similar to the above. They occurred every 4 minutes for about 1/2 hour. I assume someone was trying (succeeding?) to use my server to send spam. I'm running Apache 2.2 over Fedora. All references to mod_proxy are disabled in my httpd.conf file. Firestarter is set to block outbound access via port 443 to all users. Port forwarding on my router is enabled *only* to port 80. The entries in more detail look like xx.xxx.xxx.xxx - - [date/time] "CONNECT yyy.yyy.yyy.yyy:443 HTTP/1.0" 200 1759 "-" "-" The 6 entries connect to only 2 subnets. The 1759 (which I assume is the message size) is the same for all 6. It's a toy website; the content is insignificant (though carefully filtered, escaped, etc.) But I obviously don't want anyone abusing the machine's resources. My main questions are: Were these attacks successful? Can someone install and connect via a proxy despite the precautions I took? And what steps should I take to protect my system? I added a rule to the firewall manager that prohibits outbound access to this specific attacker. But I have little confidence in it, since as I mentioned there's already a rule blocking port 443. Thanks in advance to anyone who can help.