RE: [squid-users] Outgoing http request?

Is this squid log or your web server's log? Just kidding.

Shut squid down. It looks like your machine is being used as an open proxy
server by the world. It might be advisable to unplug hte machine from the
network since you are running a proxy server without knowing difference
between a proxy server and web server and therefore unwillingly helping
useless people on the net.

Tesla

>From: Devon Harding - GTHLA <DHarding@gilatla.com>
>To: 'Henrik Nordstrom' <hno@squid-cache.org>
>CC: "'squid-users@squid-cache.org'" <squid-users@squid-cache.org>,
>"'redhat-list@redhat.com'" <redhat-list@redhat.com>
>Subject: RE: [squid-users] Outgoing http request?
>Date: Wed, 29 Jan 2003 09:36:46 -0500
>
>Well looking at my access.log, I noticed that squid is accessing websites
>that no users have requested. I have not allowed any users to access the
>cache. These requests are coming from squid itself. I think its some kind
>of worm or virus that has affected squid.
>
>61.21.247.37 - - [29/Jan/2003:11:36:22 -0500] "GET
>http://home.hanmir.com/%7Eueookjtsou/report/report0635.gif HTTP/1.0" 504
>1069 TCP_MISS:NONE
>219.106.192.133 - - [29/Jan/2003:11:36:26 -0500] "GET
>http://home.hanmir.com/~mrtu82bv3/ss2_0744.jpg HTTP/1.0" 504 1045
>TCP_MISS:NONE
>67.85.244.205 - - [29/Jan/2003:11:36:38 -0500] "POST
>http://www.sparkfind.com/cgi-bin/search/smartsearch.cgi HTTP/1.0" 504 1063
>TCP_MISS:NONE
>219.98.86.182 - - [29/Jan/2003:11:36:42 -0500] "GET
>http://www.directpornstar.com/dmay/n1/WWL01_1051.gif HTTP/1.0" 504 1057
>TCP_MISS:NONE
>219.181.160.56 - - [29/Jan/2003:11:36:46 -0500] "GET
>http://home.hanmir.com/%7Eyabwweo487/egg0412.jpg HTTP/1.0" 504 1049
>TCP_MISS:NONE
>200.198.194.146 - - [29/Jan/2003:11:36:52 -0500] "GET
>http://www.topmoxie.com/external/builds/common/equivalent_domains.htm
>HTTP/1.0" 504 1096 TCP_MISS:NONE
>218.222.245.221 - - [29/Jan/2003:11:37:10 -0500] "GET
>http://210.138.105.147/0616/anime66/anime6601-23.zip HTTP/1.1" 504 1057
>TCP_MISS:NONE
>165.76.120.115 - - [29/Jan/2003:11:37:40 -0500] "GET
>http://home.hanmir.com/~roninman/bijin0289.jpg HTTP/1.0" 504 1045
>TCP_MISS:NONE
>
>-Devon
>
>-----Original Message-----
>From: Henrik Nordstrom [mailto:hno@squid-cache.org]
>Sent: Tuesday, January 28, 2003 9:23 PM
>To: Devon Harding - GTHLA
>Cc: 'squid-users@squid-cache.org'; 'redhat-list@redhat.com'
>Subject: Re: [squid-users] Outgoing http request?
>
>???
>
>Squid is not a web server. Squid is a proxy. If you have users using the
>Squid proxy then each request sent by these users to the proxy will
>result in a HTTP request sent by Squid.
>
>Regards
>Henrik
>
>Devon Harding - GTHLA wrote:
> >
> > I noticed in my log, I have out going http request from my squid web
> > servers.
> >
> > No one is on this machine, how are these requests being initiated? Is
>this
>a
> > hack attempt?
> >
> > System is rhl7.3
> >
> > _____________________
> > Devon Harding
> > System Administrator
> > Gilat Latin America
> > 954-858-1600
> > dharding@gilatla.com <mailto:dharding@gilathla.com>
> >
> > This e-mail is intended for the above named addressee(s), and may
>contain
> > information which is confidential or privileged. If you are not the
>intended
> > recipient, please inform us immediately: you should not copy or use this
> > e-mail for any purpose nor disclose its contents to any person.
> >

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus
Received on Wed Jan 29 2003 - 07:59:51 MST