[squid-users] Re: Web site got hack through squid

From: Mar Matthias Darin <BDarin@dont-contact.us>
Date: Sun, 05 Sep 2004 04:51:40 -0500

Tom Le writes:

> Hi,
>
> I have a website that sits behind squid 2.5 and it got hacked into today.
> Someone from this ip address,
> 200.148.134.206, has put a few files into my website through squid. The
> content of the index.html is
>
> "Simiens Crew 2004 Ownz U"
>
> Here is the log from squid
>
> 1094326387.752 899375 200.148.134.206 TCP_MISS/000 0 PUT
> http://<hostname>/index.html - DIRECT/<my website ip adress> -
>
>
> Can any of you give me some insight into this problem, and how to tighten my
> squid server down?

See previous post and add the following to your squid config:

Add the below to your ACL section:

acl GETONLY method GET

Add this one to the *beginning* of your http_access section:

http_access deny !GETONLY

Note that this will STOP all requests that are not GETs. This is an
extreme approach. A better way might be to list all valid IPs you expect
and then

http_access deny !VALIDIPS

Also use authentication esp. if you are providing a public proxy service.


Received on Sun Sep 05 2004 - 03:51:58 MDT
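
A check that could be run over access.log alongside the ACLs in the reply above, as an added example that is not part of the original post: it parses Squid native-format lines like the one quoted and reports every request whose method is not GET or HEAD, noting whether Squid denied it. The sample lines, addresses and hostnames are constructed, and the function names are hypothetical.

```python
"""Report non-read HTTP methods found in Squid native-format access.log lines."""
from collections import namedtuple
from datetime import datetime, timezone

# Methods treated as read-only here (assumption: the reply's GET-only rule,
# with HEAD tolerated). Anything else is reported.
SAFE_METHODS = {"GET", "HEAD"}

Entry = namedtuple("Entry", "when client result status method url hier")


def parse_line(line):
    """Parse one native-format line; return None when it is malformed."""
    parts = line.split()
    if len(parts) < 9:
        return None
    try:
        when = datetime.fromtimestamp(float(parts[0]), tz=timezone.utc)
        result, status = parts[3].split("/", 1)
        status = int(status)
    except ValueError:
        return None
    return Entry(when, parts[2], result, status, parts[5].upper(), parts[6], parts[8])


def flag_writes(lines, safe=SAFE_METHODS):
    """Return (entry, denied) pairs for requests whose method is outside `safe`."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry.method in safe:
            continue
        # TCP_DENIED means an http_access rule rejected the request.
        findings.append((entry, entry.result == "TCP_DENIED"))
    return findings


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
1094326387.752 899375 203.0.113.50 TCP_MISS/000 0 PUT http://www.example.com/index.html - DIRECT/192.0.2.10 -
1094326390.101 12 198.51.100.7 TCP_HIT/200 5120 GET http://www.example.com/index.html - NONE/- text/html
1094326395.330 3 203.0.113.50 TCP_DENIED/403 1420 PUT http://www.example.com/a.html - NONE/- text/html
garbage line
""".splitlines()

if __name__ == "__main__":
    for entry, denied in flag_writes(SAMPLE_LOG):
        state = "denied" if denied else f"NOT denied, sent via {entry.hier}"
        print(f"{entry.when:%Y-%m-%d %H:%M:%S}Z {entry.client} {entry.method} {entry.url} {state}")
```
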
