On Fri, 2005-12-23 at 01:30 -0500, Jacques Beaudoin wrote: > > Im getting hit by spammer on port 80 on my firewall thats is also running > squid. Are you running Squid as an outbound proxy or a reverse proxy? If outbound you should have a filter similar to: acl localnet src <your_subnet>/<#_of_mask_bits> http_access allow localnet for example: acl localnet src 192.168.1.0/24 http_access allow localnet If you are running it as a reverse proxy, the host defined under "httpd_accel_host" has a vulnerable script running on it. Check the URL spammers have been connecting to in order to figure out which one it is. Are you running form mail? That's a common target. > If i open port 80 to my mail server via prerouting, spammer wiill use > my firewall to send spam. Then, don't do that. ;-) Actually, unless you are running Squid as an outbound proxy with incorrect filters (see above) they are probably using your mail server. HTH, Chris
