[KLUG Members] Chasing people down.

[Adam Bultman]

Oh, I did that.  That day, late at night, I started getting pages, and
when I saw that, I was like, "Bind! Bind sucks, I'll upgrade that!" I saw
httpd traffic, and shut off httpd, and later, I found (with someone's help
) that mod_proxy was turned on.  I fixed that, then made a 404 page that
has a </table>, a %> , a ?> , and a nasty blink/font tag to the page so
that if a human tries to use it, it very well might break the page.

Oh, well.

-- 
Adam Bultman
adam@glaven.org
[ http://www.glaven.org ]


On Fri, 28 Jun 2002 adam@morrison-ind.com wrote:

> >>Your proxy is available from the Internet?!  If you see log entries
> >>traceroute back to the source address,  reverse lookup on the address,
> >>lookup the domain in whois, and contact their administrative contact.
> >No- check this out- it's an apache server that the previous admin enabled
> >mod_proxy on. So, anyone connecting to it and requesting an offsite page
> >got the page through that machine, so it's like an anonymizer.
>
> Wow! Wow! Wow!  Run, don't walk, to /etc/httpd/conf/httpd.conf and turn
> mod_proxy off!  This is pretty bad network architecture and, especially these
> days with everyone worried that little Johnny who voted for 'the other guy'
> (Gasp!) is going to blow up some buildings, running an anonymizer is a **REAL**
> **BAD** idea.
>
> If you need a proxy, set one up on the inside.
>
> >>If it is always the same request I doubt it is a human user.
> >Well, there's a lot of different pages. However, who on earth would set up
> >a robot program to just get banner ads? That's kind of strange.  Unless
> >it's just some sort of program to flood my bandwidth.
>
> Think,  it websites charge advertising customers per impression.....  All we
> need to do it ALL run robots to troll for banner adds....
>
> >>Screw the help desk, whois contains contact info.  If no satisifaction have
> >>your lawyer call and mention compenstation for bandwidth consumption.
> >I'm having a hard time getting valid hosts. Some places have no info for
> >them, others point to companies in other languages. So, I'll try to chase
> >down the ones I know, but for the most part, like I said, abuse addresses
> >aren't very helpful.
> >Oh, well.
>
> Yikes!  Turn off mod_proxy, yesterday.
>
>
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
> 
>