[KLUG Members] Chasing people down.
Adam Bultman
members@kalamazoolinux.org
Fri, 28 Jun 2002 16:33:10 -0400 (EDT)
Oh, I did that. That day, late at night, I started getting pages, and
when I saw that, I was like, "Bind! Bind sucks, I'll upgrade that!" I saw
httpd traffic, and shut off httpd, and later, I found (with someone's help
) that mod_proxy was turned on. I fixed that, then made a 404 page that
has a </table>, a %> , a ?> , and a nasty blink/font tag to the page so
that if a human tries to use it, it very well might break the page.
Oh, well.
--
Adam Bultman
adam@glaven.org
[ http://www.glaven.org ]
On Fri, 28 Jun 2002 adam@morrison-ind.com wrote:
> >>Your proxy is available from the Internet?! If you see log entries
> >>traceroute back to the source address, reverse lookup on the address,
> >>lookup the domain in whois, and contact their administrative contact.
> >No- check this out- it's an apache server that the previous admin enabled
> >mod_proxy on. So, anyone connecting to it and requesting an offsite page
> >got the page through that machine, so it's like an anonymizer.
>
> Wow! Wow! Wow! Run, don't walk, to /etc/httpd/conf/httpd.conf and turn
> mod_proxy off! This is pretty bad network architecture and, especially these
> days with everyone worried that little Johnny who voted for 'the other guy'
> (Gasp!) is going to blow up some buildings, running an anonymizer is a **REAL**
> **BAD** idea.
>
> If you need a proxy, set one up on the inside.
>
> >>If it is always the same request I doubt it is a human user.
> >Well, there's a lot of different pages. However, who on earth would set up
> >a robot program to just get banner ads? That's kind of strange. Unless
> >it's just some sort of program to flood my bandwidth.
>
> Think, it websites charge advertising customers per impression..... All we
> need to do it ALL run robots to troll for banner adds....
>
> >>Screw the help desk, whois contains contact info. If no satisifaction have
> >>your lawyer call and mention compenstation for bandwidth consumption.
> >I'm having a hard time getting valid hosts. Some places have no info for
> >them, others point to companies in other languages. So, I'll try to chase
> >down the ones I know, but for the most part, like I said, abuse addresses
> >aren't very helpful.
> >Oh, well.
>
> Yikes! Turn off mod_proxy, yesterday.
>
>
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
>
>