[squid-users] Re: Web site got hack through squid

From: Adam Aube <aaube01@dont-contact.us>
Date: Sun, 05 Sep 2004 15:24:31 -0400

Tom Le wrote:

> I have a website that sits behind squid 2.5 and it got hack into today.

> Here is the log from squid
 
> 1094326387.752 899375 200.148.134.206 TCP_MISS/000 0 PUT
> http://<hostname>/index.html - DIRECT/<my website ip adress> -

> Can any of you give me some insight into this problem, and how to tight
> my squid server down?

Your web server is somehow configured to accept files from anyone on the
Internet who tries to upload to it. You need to fix your web server's
security settings. Ask your web server vendor for details.

You can use Squid acls to block this particular attack (block the PUT
method), but if your webserver is so insecure that you need this
protection, odds are the attackers will find some other way in.

Adam
Received on Sun Sep 05 2004 - 13:24:20 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT