Just check

  tcpdump -n -i eth0 -X -s 1500 dst port SQUIDPORT

SQUIDPORT, I guess, must be 3128.

Then just look at what kind of requests are there; maybe you will see
software headers, possibly dansguardian headers.
Also try to stop dansguardian and see if the logs still continue.

Do

  netstat -anp|grep 3128

to see who is connecting to the squid port.

On Sat, 24 Feb 2007 15:15:26 +0000, Paul wrote
> DansGuardian is on 8080 and that's closed to all but my lan. I do
> have 5801 and 5901 open for remote desktop, but I doubt that's a problem.
> Is there a way to misconfigure apache2 to enable open proxy?
>
> On Sat, 2007-02-24 at 09:21 +0100, Henrik Nordstrom wrote:
> > Sat 2007-02-24 at 08:28 +0100, Henrik Nordstrom wrote:
> >
> > > To diagnose after you have made changes somehow stopping the abuse then
> > > checking all logs in detail is the only available, or maybe tcpdump
> > > looking for users still trying to access the service and from that
> > > derive how they gained access in the first place.
> >
> > One educated guess: Maybe the port dansguardian is listening on is
> > accessible from the outside.
> >
> > Regards
> > Henrik

--
Virtual ISP S.A.L.
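
The netstat check suggested in this thread, as an added example that is not part of the original messages: it groups established connections to the Squid and DansGuardian ports by peer and marks peers outside loopback and the LAN. The function names, the LAN prefix 192.168. and the sample netstat output are assumptions constructed for illustration; ports 3128 and 8080 come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread.
# Constructed sample of `netstat -anp` output (private and documentation addresses).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      2101/(squid)
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2230/dansguardian
tcp        0      0 127.0.0.1:3128          127.0.0.1:40112         ESTABLISHED 2101/(squid)
tcp        0      0 127.0.0.1:40112         127.0.0.1:3128          ESTABLISHED 2230/dansguardian
tcp        0      0 192.168.1.1:8080        192.168.1.23:51514      ESTABLISHED 2230/dansguardian
tcp        0      0 203.0.113.10:3128       198.51.100.77:40231     ESTABLISHED 2101/(squid)
tcp        0      0 203.0.113.10:3128       198.51.100.77:40232     ESTABLISHED 2101/(squid)
tcp        0      0 203.0.113.10:8080       192.0.2.45:33900        ESTABLISHED 2230/dansguardian
EOF
}

# proxy_clients PORTS LAN_PREFIX: reads netstat output on stdin and prints
# "port peer scope count" for each peer connected to one of the listed ports.
proxy_clients() {
    awk -v ports="$1" -v lan="$2" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        lport = $4; sub(/.*:/, "", lport)      # local port is the text after the last colon
        if (!(lport in want)) next             # ignore the client end of local sockets
        peer = $5; sub(/:[^:]*$/, "", peer)    # strip the remote port
        scope = "EXTERNAL"                     # anything not loopback or LAN
        if (peer ~ /^127\./ || index(peer, lan) == 1) scope = "local"
        count[lport " " peer " " scope]++
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# On a live host: netstat -anp | proxy_clients 3128,8080 192.168.
sample_netstat | proxy_clients 3128,8080 192.168.
```

An EXTERNAL line on 3128 means Squid is reachable directly; one on 8080 matches the guess that the DansGuardian port is exposed and requests reach Squid through it from 127.0.0.1.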