Re: [squid-users] Opasoft virus problem

From: Sumanth NS <sumanth@dont-contact.us>
Date: Tue, 28 Jan 2003 08:38:06 +0530 (GMT+05:30)

Hi,

You can try blocking this machine by using iptables
on your proxy machine.

Care.
Sumanth

On Tue, 28 Jan 2003, Kwan Chee Kin wrote:

# Hi,
# I hope I'm mailing to the correct mailing list.
#
# Lately my network was attacked by the Opaserv virus. This virus has
# the ability to grab the configuration from the Netscape browser and makes an
# HTTP request for www.opasoft.com (a bogus URL) going through the Web Proxy,
# which is the Squid Web Proxy. The infected host will try to make at least
# 100 hits/minute to the bogus URL through the Squid. This affects the squid
# logs - access.log and store.log. It grew to a few Gigs within hours.
#
# The Squid was dropped to its knees and lay dead since there was no
# more disk space in the machine. I was able to clean up the machine by
# removing the huge log files and creating new log files and proceeded on to
# remove the PCs that were infected by the virus.
#
# My question is: is there any solution to this type of problem
# where the squid will just drop requests that have more than 30 hits to a
# bogus or unreachable URL and not log into the logs?
#
# Or is there any third-party solution like a plug-in that will solve
# this problem?
#
# Any suggestion appreciated. Thank you.
#
# Best regards,
# Kwan Chee Kin
Received on Mon Jan 27 2003 - 20:08:17 MST
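
The following is an added example, not part of the original thread and not Squid code: it scans access.log for clients that exceed the 30-hits-per-minute figure from the question against a single unreachable host, which yields the addresses to block with iptables as the reply suggests. It assumes Squid's native access.log format in time order and that unreachable destinations are logged with a 5xx status; the function names are hypothetical and the log lines are constructed.

```python
import collections
from urllib.parse import urlsplit

THRESHOLD = 30  # failing hits per window; the figure asked about in the question
WINDOW = 60.0   # window length in seconds

def parse_line(line):
    """Parse one native-format access.log line -> (ts, client, status, host) or None."""
    f = line.split()
    if len(f) < 7:
        return None
    try:
        ts, status = float(f[0]), int(f[3].split("/")[1])
    except (ValueError, IndexError):
        return None
    url = f[6]
    # CONNECT entries log "host:port" instead of a full URL
    host = urlsplit(url).hostname if "://" in url else url.split(":")[0]
    return ts, f[2], status, (host or "").lower()

def find_flooders(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {(client, host): peak hits} for pairs exceeding `threshold`
    failing (5xx) requests inside any sliding `window` seconds."""
    recent = collections.defaultdict(collections.deque)
    peaks = {}
    for rec in map(parse_line, lines):
        if rec is None or rec[2] < 500:
            continue  # skip malformed lines and requests the proxy could serve
        ts, client, _, host = rec
        q = recent[(client, host)]
        q.append(ts)
        while ts - q[0] >= window:  # expire hits older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[(client, host)] = max(peaks.get((client, host), 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one flooding client, one normal client, one bad line."""
    fmt = "{:.3f} 120 {} TCP_MISS/{} 1290 GET http://{}/ - NONE/- text/html"
    lines = [fmt.format(1043723286 + i * 0.6, "192.168.1.50", 503, "www.opasoft.com")
             for i in range(100)]
    lines += [fmt.format(1043723286 + i * 5, "192.168.1.20", 200, "www.example.org")
              for i in range(10)]
    lines.append("truncated line")
    return lines

if __name__ == "__main__":
    for (client, host), peak in find_flooders(sample_log()).items():
        print(f"{client} -> {host}: {peak} failing requests within {WINDOW:.0f}s")
```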
