Re: [squid-users] spammer abusing my proxy server

From: Tek Bahadur Limbu <teklimbu@dont-contact.us>
Date: Mon, 7 May 2007 10:46:55 +0545

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 06 May 2007 20:16:53 +0200
Henrik Nordstrom <henrik@henriknordstrom.net> wrote:

> mån 2007-05-07 klockan 02:06 +1200 skrev Amos Jeffries:
>
> > Yes, to find the culprit you will have to check your log. At least
> > google provide you some helpful info:
> > Posted: 5 May 2007 03:11:15 GMT
> > User-Agent: G2/1.0
> > X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
> > SV1),gzip(gfe),gzip(gfe)
> > X-HTTP-Via: 1.1 myproxy.com:3128 (squid/2.6.STABLE9)
> >
> > Look for a CONNECT or similar method to port 119. If you find one it's
> > as easy as adding a port deny to your squid acls.
>
> The post was via a HTTP to NNTP gateway, not using CONNECT. To find the
> offender you need to look for POST requests to that google HTTP to NNTP
> gateway..

Hi Hendrik,

You were right with the POST method used via a HTTP to a NNTP gateway. I have tracked this person using my proxy server for spamming and issue him a warning. I would like to thank all of you for your required help and feedback.

Thanking you...

>
> Regards
> Henrik
>

- --

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFGPrLDVrOl+eVhOvYRAkeBAJ9cTqCBkZlGdlwVEvNyZjAXVcRKBACfYCJp
O2PW1loP/Qm0cCjhVkcer14=
=hscX
-----END PGP SIGNATURE-----
Received on Sun May 06 2007 - 23:02:18 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT