[KLUG Members] Chasing people down.

members@kalamazoolinux.org members@kalamazoolinux.org
Fri, 28 Jun 2002 09:08:06 -0400


>Okay. I've posted this to another listserv, but I think it has too small
>of a knowledge base. Or, failing that, too small a base of people who
>don't filter me. <pause for laughter>
>Anyway, you all probably remember my two servers getting used as proxy
>story, so I submit to you: How do I track these people down?  I still run
>tail -f 's on the access logs, and I still get enough hits to have almost
>a constantly scrolling list go by.  My questions are:
>1.  How do I find out if someone is using (or attempting now) to use my
>server as a free proxy?  Excuse me:  How do I find WHO is using me?

Your proxy is available from the Internet?!  If you see log entries, traceroute
back to the source address, do a reverse lookup on the address, look up the domain
in whois, and contact their administrative contact.

> 2.  How do I find out if it's a site using me, or a person (i.e. a port/ad
> site or just a few people using me as a personal proxy?)

If it is always the same request I doubt it is a human user.

>I've tried contacting one of the larger companies with users who are
>hitting me, but despite the helpdesk's nice words (oh, trust me, the abuse
>line is very quick) I have yet to get responses.  So, I guess my main help

Screw the help desk, whois contains contact info.  If no satisfaction, have your
lawyer call and mention compensation for bandwidth consumption.
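
An added example, not part of the original thread: one way to answer questions 1 and 2 from the access log itself is to pick out proxy-style requests, group them by source address, and apply the "always the same request" test from the reply. It assumes Apache common/combined log format; the sample lines, the function names and the min_hits threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined log format: host ident user [time] "request" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jun/2002:09:01:02 -0400] "GET http://ads.example.net/hit.cgi?id=7 HTTP/1.0" 200 512
192.0.2.10 - - [28/Jun/2002:09:01:03 -0400] "GET http://ads.example.net/hit.cgi?id=7 HTTP/1.0" 200 512
192.0.2.10 - - [28/Jun/2002:09:01:04 -0400] "GET http://ads.example.net/hit.cgi?id=7 HTTP/1.0" 200 512
192.0.2.10 - - [28/Jun/2002:09:01:05 -0400] "GET http://ads.example.net/hit.cgi?id=7 HTTP/1.0" 200 512
198.51.100.23 - - [28/Jun/2002:09:02:10 -0400] "GET http://www.example.org/ HTTP/1.1" 200 4096
198.51.100.23 - - [28/Jun/2002:09:02:41 -0400] "GET http://www.example.org/news.html HTTP/1.1" 200 9120
198.51.100.23 - - [28/Jun/2002:09:05:17 -0400] "GET http://mail.example.com/inbox HTTP/1.1" 200 2210
203.0.113.5 - - [28/Jun/2002:09:06:00 -0400] "CONNECT mail.example.com:25 HTTP/1.0" 405 310
192.0.2.77 - - [28/Jun/2002:09:07:30 -0400] "GET /index.html HTTP/1.0" 200 1043
"""

def is_proxy_request(method, target):
    """Forward-proxy requests carry an absolute URI, or use CONNECT host:port."""
    return method == "CONNECT" or re.match(r"(?i)^[a-z][a-z0-9+.-]*://", target) is not None

def summarize(log_text):
    """Per source IP: proxy-style hit count, distinct targets, statuses seen."""
    stats = defaultdict(lambda: {"hits": 0, "targets": set(), "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, target, status = m.groups()
        if is_proxy_request(method, target):
            s = stats[ip]
            s["hits"] += 1
            s["targets"].add(target)
            s["statuses"].add(status)
    return dict(stats)

def classify(entry, min_hits=3):
    """Heuristic from the reply: the same request over and over suggests automation."""
    if entry["hits"] >= min_hits and len(entry["targets"]) == 1:
        return "repetitive"
    return "varied"

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"]):
        print(ip, e["hits"], len(e["targets"]), sorted(e["statuses"]), classify(e))
```

The addresses at the top of the output are the ones to run through traceroute, reverse lookup and whois. A 2xx on a proxy-style line should be checked against the response size, since a server that is not relaying can still answer an absolute-URI request with its own content.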