[KLUG Members] Chasing people down.

[Adam Bultman]

Okay. I've posted this to another listserv, but I think it has too small
of a knowledge base. Or, failing that, too small a base of people who
don't filter me. <pause for laughter>

Anyway, you all probably remember my two servers getting used as proxy
story, so I submit to you: How do I track these people down?  I still run
tail -f 's on the access logs, and I still get enough hits to have almost
a constantly scrolling list go by.  My questions are:

1.  How do I find out if someone is using (or attempting now) to use my
server as a free proxy?  Excuse me:  How do I find WHO is using me?

2.  How do I find out if it's a site using me, or a person (i.e. a port/ad
site or just a few people using me as a personal proxy?)

I've tried contacting one of the larger companies with users who are
hitting me, but despite the helpdesk's nice words (oh, trust me, the abuse
line is very quick) I have yet to get responses.  So, I guess my main help
is with picking a brain that will tell me how one can trace back these
things to a central source, and how to squelch that source, or, failing
that, to contact said person for a head-beating.  For them, not me. The
proxy stuff wasn't my fault.


Anyway, any help would be cool, unless I've already posted this before, in
which case, stop by to give me a head-beating.


In conclusion, at least I've made an attempt to keep people (if it is
people) from using me by putting items in the 404 page, as well as
index.html that will break things:  a close table tag, a close php and asp
tag, and an unclosed evil blink tag.  That'll learn em. Too bad like 99
percent of hitters are using MSIE (well, reported as, unless it's a
robot).

-- 
Adam Bultman
adam@glaven.org
[ http://www.glaven.org ]