-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 23 Dec 2005, Jacques Beaudoin wrote:
Greetings,
Im getting hit by spammer on port 80 on my firewall thats is also running
squid.
If i open port 80 to my mail server via prerouting, spammer wiill use
my firewall to send spam.
Port 80 is now block and i can see on my internet interface all
ip address trying to use my firewall as a spam proxy.
My squid rules looks ok.
But it sounds like the websewrver<s> is/are running a script/form/app that
is vulneralble, start the fix there, correct the problem that the "attacker"
is exploiting. Your squid and webserver logs should point at clues to
what's borked.
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDq90Yst+vzJSwZikRAmdVAJ9Vk3Gbsq4BHVUqAsar6R49VgAnWQCffiHi
R/RxTi9XBe+TbdDkTKRPCBM=
=XQfd
-----END PGP SIGNATURE-----
