Wow. Don't be a free anonomizing proxy for the Internet.. The suggestion about running a reverse proxy seems the best, but you must not allow forward proxy for everybody ! If you have a fixed internet ip, then this can make your fixed ip unusable, as once an open proxy is detected once, hundreds of servers will keep checking to see if it becomes open again.. perhaps for many months/years. A forward proxy is usually a protected item, you only make it visible from your local ip range, and you never mix a forward proxy with a content server or reverse proxy as these are usually public to all, so people can see your content. The default config in /etc/apache2/mods-enabled/proxy.conf is for your protection, should be left, don't change it other to add one of your private 192.168.0.x addresses. But ideally don't mix a content server with a forward proxy.. it's bad news :) Cheers Brett On Mon, Dec 10, 2012 at 1:40 AM, Andreas Westvik <andreas@xxxxxxxxxx> wrote: > Hi everyone! > > First, images can be found here: > http://www.reddit.com/r/debian/comments/14jr2r/mod_proxy_unleashes_hell_on_my_server/ > > So this is the third time Im enabling mod_proxy on my Debian squeeze server. > And every time I do this, all hell breaks out and attacks the server. (see > images above) It gets so bad that munin stops > generating stats as well. And according to the last stats from munin before > it went bonkers, I was hit by almost 3500 hits a minute. > So what is going on? I suspect the mod_proxy to some what "phone home" to a > bot network, cause like 2-3 seconds > after I enable the mod_proxy the attack starts. > > What can I do? > > -Andreas -- The only thing that interferes with my learning is my education. Albert Einstein --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|