[squid-users] spammer abusing my proxy server

From: Tek Bahadur Limbu <teklimbu@dont-contact.us>
Date: Sun, 6 May 2007 11:37:00 +0545

Dear All,

One of my clients is abusing my proxy server to send spam to different groups on the internet.
But I have only been given the details below.

I understand that there should be some kind of X-Forwarded-For IP address, right? How do I get the IP of the offending user besides checking all my access logs?

Can somebody shed some light on how to prevent these incidents from recurring in the future?
Thanks in advance!

SPAM Details:

Path:
authen.puce.readfreenews.net!green.octanews.net!news-out.octanews.net!news.glorb.com!postnews.google.com!u30g2000hsc.googlegroups.com!not-for-mail
From: spammer@gmail.com
Newsgroups: alt.comp.freeware
Subject:
http://www.jobsnepal.info/idevaffiliate/idevaffiliate.php?id=1515
Date: 4 May 2007 20:11:14 -0700
Organization: http://groups.google.com
Lines: 6
Message-ID: <1178334674.363813.301290@u30g2000hsc.googlegroups.com>
NNTP-Posting-Host: 202.xx.xx.xx (IP of my proxy server)
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1178334675 27786 127.0.0.1 (5 May 2007
03:11:15 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Sat, 5 May 2007 03:11:15 +0000 (UTC)
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1),gzip(gfe),gzip(gfe)
X-HTTP-Via: 1.1 myproxy.com:3128 (squid/2.6.STABLE9)
Complaints-To: groups-abuse@google.com
Injection-Info: u30g2000hsc.googlegroups.com;
posting-host=202.xx.xx.xx (IP of my proxy);
posting-account=qJA5Sw0AAAAEwNnRGJ7bd6V3Qkylk050
Xref: authen.puce.readfreenews.net alt.comp.freeware:544238

Specialize in website design, web hosting, database design and
internet marketing to improve your web position. Services include meta
tag programming,online job and many more
http://www.jobsnepal.info/idevaffiliate/idevaffiliate.php?id=1785

--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
Received on Sat May 05 2007 - 23:52:23 MDT
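
The following is an added example, not part of the original post: one way to narrow the access-log search is to take the Unix timestamp from the X-Trace header quoted above and look for POST (or CONNECT) requests to groups.google.com logged within a short window of it. It assumes Squid's native access.log format; the log lines, the client addresses (documentation ranges) and the 120-second window are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time.ms elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1178334301.120    210 192.0.2.10 TCP_MISS/200 5120 GET http://groups.google.com/group/alt.comp.freeware - DIRECT/198.51.100.5 text/html
1178334674.512    845 192.0.2.44 TCP_MISS/200 1893 POST http://groups.google.com/group/alt.comp.freeware/post - DIRECT/198.51.100.5 text/html
1178334675.003     95 192.0.2.17 TCP_HIT/200 702 GET http://www.example.org/logo.gif - NONE/- image/gif
1178334690.440    301 192.0.2.44 TCP_MISS/200 4410 GET http://groups.google.com/group/alt.comp.freeware - DIRECT/198.51.100.5 text/html
this line is truncated garbage
1178339999.000    120 192.0.2.99 TCP_MISS/200 900 POST http://groups.google.com/group/misc.test/post - DIRECT/198.51.100.5 text/html
"""

# X-Trace value from the complaint; its second field is the posting time in Unix seconds.
X_TRACE = "posting.google.com 1178334675 27786 127.0.0.1 (5 May 2007 03:11:15 GMT)"

def trace_epoch(x_trace):
    fields = x_trace.split()
    if len(fields) < 2 or not fields[1].isdigit():
        raise ValueError("no epoch timestamp in X-Trace value")
    return int(fields[1])

def request_host(method, url):
    # CONNECT lines log "host:port" instead of a full URL.
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def find_candidates(log_text, epoch, host="groups.google.com", window=120):
    """Return (time, client, method, url) for POST/CONNECT to host near epoch."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue  # truncated or foreign line
        try:
            when = float(f[0])
        except ValueError:
            continue
        client, method, url = f[2], f[5], f[6]
        if (method in ("POST", "CONNECT") and abs(when - epoch) <= window
                and request_host(method, url) == host):
            hits.append((when, client, method, url))
    return hits

if __name__ == "__main__":
    for when, client, method, url in find_candidates(SAMPLE_LOG, trace_epoch(X_TRACE)):
        print(f"{when:.3f} {client} {method} {url}")
```

The window has to cover any clock difference between the proxy and the posting host, and a match gives only the client address the proxy saw, which still has to be mapped to a customer.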