Well looking at my access.log, I noticed that squid is accessing websites
that no users have requested. I have not allowed any users to access the
cache. These requests are coming from squid itself. I think its some kind
of worm or virus that has affected squid.
61.21.247.37 - - [29/Jan/2003:11:36:22 -0500] "GET
http://home.hanmir.com/%7Eueookjtsou/report/report0635.gif HTTP/1.0" 504
1069 TCP_MISS:NONE
219.106.192.133 - - [29/Jan/2003:11:36:26 -0500] "GET
http://home.hanmir.com/~mrtu82bv3/ss2_0744.jpg HTTP/1.0" 504 1045
TCP_MISS:NONE
67.85.244.205 - - [29/Jan/2003:11:36:38 -0500] "POST
http://www.sparkfind.com/cgi-bin/search/smartsearch.cgi HTTP/1.0" 504 1063
TCP_MISS:NONE
219.98.86.182 - - [29/Jan/2003:11:36:42 -0500] "GET
http://www.directpornstar.com/dmay/n1/WWL01_1051.gif HTTP/1.0" 504 1057
TCP_MISS:NONE
219.181.160.56 - - [29/Jan/2003:11:36:46 -0500] "GET
http://home.hanmir.com/%7Eyabwweo487/egg0412.jpg HTTP/1.0" 504 1049
TCP_MISS:NONE
200.198.194.146 - - [29/Jan/2003:11:36:52 -0500] "GET
http://www.topmoxie.com/external/builds/common/equivalent_domains.htm
HTTP/1.0" 504 1096 TCP_MISS:NONE
218.222.245.221 - - [29/Jan/2003:11:37:10 -0500] "GET
http://210.138.105.147/0616/anime66/anime6601-23.zip HTTP/1.1" 504 1057
TCP_MISS:NONE
165.76.120.115 - - [29/Jan/2003:11:37:40 -0500] "GET
http://home.hanmir.com/~roninman/bijin0289.jpg HTTP/1.0" 504 1045
TCP_MISS:NONE
-Devon
-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Tuesday, January 28, 2003 9:23 PM
To: Devon Harding - GTHLA
Cc: 'squid-users@squid-cache.org'; 'redhat-list@redhat.com'
Subject: Re: [squid-users] Outgoing http request?
???
Squid is not a web server. Squid is a proxy. If you have users using the
Squid proxy then each request sent by these users to the proxy will
result in a HTTP request sent by Squid.
Regards
Henrik
Devon Harding - GTHLA wrote:
>
> I noticed in my log, I have out going http request from my squid web
> servers.
>
> No one is on this machine, how are these requests being initiated? Is this
a
> hack attempt?
>
> System is rhl7.3
>
> _____________________
> Devon Harding
> System Administrator
> Gilat Latin America
> 954-858-1600
> dharding@gilatla.com <mailto:dharding@gilathla.com>
>
> This e-mail is intended for the above named addressee(s), and may contain
> information which is confidential or privileged. If you are not the
intended
> recipient, please inform us immediately: you should not copy or use this
> e-mail for any purpose nor disclose its contents to any person.
>
Received on Wed Jan 29 2003 - 07:36:52 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:56 MST