Apache server compromised?
Let me preface this by saying that I'm not a linux guru, or even really an administrator, but because of various shufflings of staff, reorgs and resignations, I'm now responsible for the web server, at least for the time being.
This is running some version of Linux and Apache, but I don't know what versions, or how to get the versions. The potential problem I've discovered is that in the log files, we are seeing GET requests for completely external websites. Why would this be? Here is a sample of what our logs look like:
I don't have 5 posts so it won't let me post the log. I'll try to post it below!
Note that none of those sites are ones that we are supposed to be serving up. Are we being used as a proxy server? What can we do to block this, if it is in fact a problem?
