New user of squid. Used it many years ago but things have changed. I set up a proxy recently then forgot about it as I had other jobs to take care of. Seems I left it running but only had a couple of sites with IPs to the cache for testing.
Yesterday, I wanted to get back to the cache and saw a great deal of traffic I/O on the cache but the weird part was that none of it was for or on my network. It looked like I've been used as some sort of payment gateway for a short while :).
Anyhow, I do have firewall security in place, there was no compromise of the server itself so how in the heck was this happening? I kept the logs but, being new to squid, they mean nothing to me just yet.
Here is my very basic setup file, maybe it's something silly I did, like the last line that says let anyone in. I would appreciate input on this, thanks very much.
Mike
cache_mgr support_at_xxxxx
visible_hostname ca35.xxxxx
cache_dir ufs /var/spool/squid 1000000 16 256
cache_mem 768 MB
maximum_object_size_in_memory 64 KB
hosts_file /etc/hosts
http_port 80 transparent
http_port 443 transparent
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80 443
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl accel_hosts dst 192.168.1.40
http_access allow accel_hosts
http_access allow manager localhost
http_access deny manager
http_access allow all
deny_info http://www.xxxxxx.com/ all
logformat combined %{Host}>h %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logformat vcombined %{Host}>h %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h"
access_log /var/spool/squid/log/access.log combined
access_log /var/spool/squid/log/vaccess.log vcombined
cache_store_log /var/spool/squid/log/store.log
cache_log /var/spool/squid/log/cache.log
icp_access allow all
cache_effective_group squid
coredump_dir /var/spool/squid
forwarded_for on
emulate_httpd_log on
redirect_rewrites_host_header off
buffered_logs on
cache_effective_user squid
cachemgr_passwd xxxxxxxxxxxxxxxxxx all
Received on Tue Nov 11 2008 - 23:05:48 MST
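Added example, not part of the original post: a small parser for the `combined` and `vcombined` logformat lines defined in the configuration above, which totals the bytes relayed for clients outside the local network to destinations that are not the site's own hosts. The network `192.168.1.0/24`, the host `www.example.test` and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Matches the post's "combined" and "vcombined" logformat lines
# (vcombined lacks the trailing %Ss:%Sh field).
LINE = re.compile(
    r'(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d+) (?P<bytes>\d+) '
    r'"[^"]*" "[^"]*"(?: \S+)?$')

def dest_host(e):
    """Destination host: the logged Host header, else taken from the URL."""
    if e["host"] != "-":
        return e["host"].split(":")[0].lower()
    if e["method"] == "CONNECT":           # %ru is host:port for CONNECT
        return e["url"].rsplit(":", 1)[0].lower()
    return (urlsplit(e["url"]).hostname or "-").lower()

def foreign_relays(lines, local_net, own_hosts):
    """Bytes relayed per (client, method, destination) where the client is
    outside local_net and the destination is not one of own_hosts."""
    net = ipaddress.ip_network(local_net)
    hits = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                        # skip lines that do not parse
        e = m.groupdict()
        try:
            client = ipaddress.ip_address(e["client"])
        except ValueError:
            continue
        dest = dest_host(e)
        if client not in net and dest not in own_hosts:
            hits[(str(client), e["method"], dest)] += int(e["bytes"])
    return hits

# Constructed sample lines (documentation addresses, made-up hosts).
SAMPLE = [
    'www.example.test 203.0.113.7 - - [11/Nov/2008:21:14:02 -0700] "GET http://www.example.test/index.html HTTP/1.0" 200 5120 "-" "Mozilla/5.0" TCP_HIT:NONE',
    'pay.example.net 198.51.100.23 - - [11/Nov/2008:21:14:05 -0700] "POST http://pay.example.net/submit HTTP/1.1" 200 812 "-" "-" TCP_MISS:DIRECT',
    '- 198.51.100.23 - - [11/Nov/2008:21:14:09 -0700] "CONNECT pay.example.net:443 HTTP/1.0" 200 4096 "-" "-" TCP_MISS:DIRECT',
    'news.example.org 192.168.1.15 - - [11/Nov/2008:21:15:30 -0700] "GET http://news.example.org/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for key, size in foreign_relays(SAMPLE, "192.168.1.0/24", {"www.example.test"}).most_common():
        print(size, *key)
```

Any non-empty result means the proxy forwarded traffic between outside clients and outside sites, which is what `http_access allow all` permits.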