Yeah, got some help on reddit. Everything is sorted out. Even created a custom
fail2ban rule to ban the suckers. So everything is kinda cool now.

Lesson learned!

-Andreas

On Dec 10, 2012, at 23:48 , "Brett @Google" <brett.maxfield@xxxxxxxxx> wrote:

> Wow. Don't be a free anonymizing proxy for the Internet..
>
> The suggestion about running a reverse proxy seems the best, but you
> must not allow forward proxy for everybody ! If you have a fixed
> internet ip, then this can make your fixed ip unusable, as once an
> open proxy is detected once, hundreds of servers will keep checking to
> see if it becomes open again.. perhaps for many months/years.
>
> A forward proxy is usually a protected item, you only make it visible
> from your local ip range, and you never mix a forward proxy with a
> content server or reverse proxy as these are usually public to all, so
> people can see your content.
>
> The default config in /etc/apache2/mods-enabled/proxy.conf is for your
> protection, should be left, don't change it other than to add one of your
> private 192.168.0.x addresses.
>
> But ideally don't mix a content server with a forward proxy.. it's bad news :)
>
> Cheers
> Brett
>
> On Mon, Dec 10, 2012 at 1:40 AM, Andreas Westvik <andreas@xxxxxxxxxx> wrote:
>> Hi everyone!
>>
>> First, images can be found here:
>> http://www.reddit.com/r/debian/comments/14jr2r/mod_proxy_unleashes_hell_on_my_server/
>>
>> So this is the third time I'm enabling mod_proxy on my Debian squeeze server.
>> And every time I do this, all hell breaks out and attacks the server. (see
>> images above) It gets so bad that munin stops
>> generating stats as well. And according to the last stats from munin before
>> it went bonkers, I was hit by almost 3500 hits a minute.
>> So what is going on? I suspect the mod_proxy to somewhat "phone home" to a
>> bot network, cause like 2-3 seconds
>> after I enable the mod_proxy the attack starts.
>>
>> What can I do?
>>
>> -Andreas
>
>
>
> --
> The only thing that interferes with my learning is my education.
>
> Albert Einstein
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
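
An added example, not part of the thread and not the fail2ban rule Andreas wrote: a small access-log check that picks out the forward-proxy requests discussed above (absolute-URI requests for third-party hosts and CONNECT tunnels) and counts them per client. The log layout (Apache common/combined format), the LOCAL_HOSTS names and the sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the hostnames this Apache instance legitimately serves.
LOCAL_HOSTS = {"www.example.org", "example.org"}

# Apache common/combined log prefix: client, ident, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation-range addresses), not from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2012:01:12:01 +0100] "GET http://ads.example.net/click?id=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Dec/2012:01:12:02 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 200 0',
    '198.51.100.9 - - [10/Dec/2012:01:12:03 +0100] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.9 - - [10/Dec/2012:01:12:04 +0100] "GET http://www.example.org/about HTTP/1.1" 200 900',
    '192.0.2.44 - - [10/Dec/2012:01:12:05 +0100] "GET http://ads.example.net/click?id=2 HTTP/1.1" 403 210',
]

def is_forward_proxy_request(method, target):
    """True when the request line asks this server to reach a third-party host."""
    if method == "CONNECT":             # tunnel request, e.g. to a mail port
        return True
    if target.startswith("/") or target == "*":
        return False                    # ordinary origin-form request
    host = urlsplit(target).hostname    # absolute-form: GET http://host/path
    return host is not None and host.lower() not in LOCAL_HOSTS

def proxy_abuse_by_client(lines):
    """Per client IP: forward-proxy attempts and how many got a 2xx status."""
    stats = defaultdict(lambda: {"attempts": 0, "answered_2xx": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_forward_proxy_request(m["method"], m["target"]):
            continue
        entry = stats[m["ip"]]
        entry["attempts"] += 1
        # 2xx: possibly relayed. Apache can also answer such a request with
        # local content, so compare the response size before concluding.
        if m["status"].startswith("2"):
            entry["answered_2xx"] += 1
    return dict(stats)

if __name__ == "__main__":
    for ip, entry in proxy_abuse_by_client(SAMPLE_LOG).items():
        print(ip, entry)
```

Clients that keep showing attempts with no 2xx answers after the proxy is closed match the long-running re-checking Brett describes.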