[KLUG Members] Chasing people down.

[members@kalamazoolinux.org]

>>Your proxy is available from the Internet?!  If you see log entries
>>traceroute back to the source address,  reverse lookup on the address,  
>>lookup the domain in whois, and contact their administrative contact.
>No- check this out- it's an apache server that the previous admin enabled
>mod_proxy on. So, anyone connecting to it and requesting an offsite page
>got the page through that machine, so it's like an anonymizer.

Wow! Wow! Wow!  Run, don't walk, to /etc/httpd/conf/httpd.conf and turn
mod_proxy off!  This is pretty bad network architecture and, especially these
days with everyone worried that little Johnny who voted for 'the other guy'
(Gasp!) is going to blow up some buildings, running an anonymizer is a **REAL**
**BAD** idea.

If you need a proxy, set one up on the inside.

>>If it is always the same request I doubt it is a human user.
>Well, there's a lot of different pages. However, who on earth would set up
>a robot program to just get banner ads? That's kind of strange.  Unless
>it's just some sort of program to flood my bandwidth.

Think,  it websites charge advertising customers per impression.....  All we
need to do it ALL run robots to troll for banner adds....

>>Screw the help desk, whois contains contact info.  If no satisifaction have
>>your lawyer call and mention compenstation for bandwidth consumption.
>I'm having a hard time getting valid hosts. Some places have no info for
>them, others point to companies in other languages. So, I'll try to chase
>down the ones I know, but for the most part, like I said, abuse addresses
>aren't very helpful.
>Oh, well.

Yikes!  Turn off mod_proxy, yesterday.