One of our Client's has a webserver that runs on Mandrake and is using Apache. I am not a Linux guru but I can navigate my way around. I did figure out that the server was being used as a proxy by looking in the httpd/error_log. There are Proxy errors in there and you can see where someone is trying hack some yahoo logins. Or they are logging in on them.
My situation is that our Linux guru is on the road and will not be available to look at it for several hours. We have shut off the IP's that they were coming in through. So my question is two-fold. One, how do I find out what version of Apache they are using. I am guessing that it was a vulnerability there that is the issue. Two, has anyone else seen this before and do you know what service might be used for the proxy? SSH and HTTP/S were all open.