[squid-users] Spyware....bleh

From: Sam Reynolds <sreynolds@dont-contact.us>
Date: Thu, 16 Jun 2005 17:52:34 -0400

Ok, I am having a time of my life here. My squid service is still
crashing and restarting. I am unable to get a core dump. However, I
have found that everytime it happens, I get the error:

Jun 16 17:40:56 xxxxx squid[6509]: storeDirWriteCleanLogs: Starting...
Jun 16 17:40:56 xxxxx squid[6509]: WARNING: Closing open FD 16
Jun 16 17:40:56 xxxxx squid[6509]: Finished. Wrote 0 entries.
Jun 16 17:40:56 xxxxx squid[6509]: Took 0.0 seconds ( 0.0
entries/sec).

I have also found that everytime either during the second that it
crashes or the second right before it crashes, a known spyware site has
been tried to be accessed. I receive a TCP_Denied, so I know it is not
getting out to the site, but it still seems to be the culprit that is
causing my cache to die. Typically, the site looks somewhat like this:

"172.20.33.18":;"-":;"172.18.10.200":;1118958055:;2005-06-16
17:40:55:830:;0:;"-":;"-":;"407":;"GET":;"http://www.frankfurter-buchmes
se.de/o.php":;"1.0":;2385:;"text/html":;"TCP_DENIED"

Also, if I run "free -m" on my system, I get the following:

                     otal used free shared buffers
cached
Mem: 1007 992 14 0 79
794
-/+ buffers/cache: 118 888
Swap: 996 9 986

Does anyone know what may be the cause of this? Is there a way I can
get a definitive answer on what is crashing my service (the box stays up
and responsive, just restarts the service from the RunCache)?

I'm really pulling my hair out here, and upper management is breathing
down my neck....

Thanks

Sam
Received on Thu Jun 16 2005 - 15:53:24 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:02 MDT