Re: [squid-users] spmmer abusing my proxy server

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sun, 06 May 2007 20:16:53 +0200

mån 2007-05-07 klockan 02:06 +1200 skrev Amos Jeffries:

> Yes, to find the culprit you will have to check your log. At least
> google provide you some helpful info:
> Posted: 5 May 2007 03:11:15 GMT
> User-Agent: G2/1.0
> X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
> SV1),gzip(gfe),gzip(gfe)
> X-HTTP-Via: 1.1 myproxy.com:3128 (squid/2.6.STABLE9)
>
> Look for a CONNECT or similar method to port 119. If you find one it's
> as easy as adding a port deny to your squid acls.

The post was via a HTTP to NNTP gateway, not using CONNECT. To find the
offender you need to look for POST requests to that google HTTP to NNTP
gateway..

Regards
Henrik

Received on Sun May 06 2007 - 12:16:59 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT