If he is using Squid, then the requests will be logged in access.log
with his IP.
However, unless your server is well firewalled or stripped down from all
services (including accessible DNS server) except Squid he might well be
"owning" it...
-- Henrik Nordstrom Squid hacker Raymond Brighenti wrote: > > Hi, > > Received the bellow email the other day. > I think I saw somewhere a mention that you can use squid to proxy IRC. > Apart from the fact it comes from a Hotmail account, they also claim this > user to be from Sweeden... sorry sweeden :), now I've set our proxy only to > allow access from our IP ranges which have been the same for the past 4 > years and have always been back to here in Aus, or do I have to do > something different to prevent IRC users? > > Anyways, is there a way to go through any of Squids logs to track this back > to who it might be? > > Ta > > Ray > > >X-Originating-IP: [xxx.xxx.xxx.xxx] > >From: "xxxx xxxx" <xxxx@hotmail.com> > >To: support@webfront.net.au > >Subject: ip hacking of your account > >Date: Thu, 01 Feb 2001 10:07:24 -0000 > >X-OriginalArrivalTime: 01 Feb 2001 10:07:25.0159 (UTC) > >FILETIME=[C66DEF70:01C08C36] > > > >i am an op on irc (dalnet) and believe that the following person is > >bouncing/hacking from your server. > >details: > >*** Resolved proxy.webfront.net.au to "our.proxy.ip.address" > >users info: Blackadder irc ip addy: ~Baldrick@"our.proxy.ip.address" > >Users dns numbers: "our.proxy.ip.address" > >Time ping at 8:30 pm Australian time was 6-8 hours behind our time, was at > >Europeon time. > >User comes from sweeden. > >we know this person well and is a frequent trouble maker. just thought > >that you should know he is somehow using your account system > >regards > >amber > >_________________________________________________________________________ > >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > > -- > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Fri Feb 02 2001 - 01:46:12 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:51 MST