
Re: spammer abusing my proxy server


 



On Sun, May 06, 2007, Tek Bahadur Limbu wrote:
> 
> Dear All,
> 
> One of my clients is abusing my proxy server to send spams to different groups on the internet.
> But I have only been given the details below.
> 
> I understand that there should be some kind of X-Forwarded-For IP address, right? How do I get the IP of the offending user besides checking all my access logs?

The X-Forwarded-For header is set for HTTP requests. This news post
is done via some HTTP to NNTP gateway program/script and thus doesn't
automagically mean the X-Forwarded-For IP will be in there.

You're more than likely going to have to run through your access logs.



Adrian

> 
> Can somebody shed some light into how to prevent these incidents from recurring in the future?
> Thanks in advance!
> 
> SPAM Details:
> 
> Path:
> authen.puce.readfreenews.net!green.octanews.net!news-out.octanews.net!news.glorb.com!postnews.google.com!u30g2000hsc.googlegroups.com!not-for-mail
> From: spammer@xxxxxxxxx
> Newsgroups: alt.comp.freeware
> Subject:
> http://www.jobsnepal.info/idevaffiliate/idevaffiliate.php?id=1515
> Date: 4 May 2007 20:11:14 -0700
> Organization: http://groups.google.com
> Lines: 6
> Message-ID: <1178334674.363813.301290@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> NNTP-Posting-Host: 202.xx.xx.xx (IP of my proxy server)
> Mime-Version: 1.0
> Content-Type: text/plain; charset="iso-8859-1"
> X-Trace: posting.google.com 1178334675 27786 127.0.0.1 (5 May 2007
> 03:11:15 GMT)
> X-Complaints-To: groups-abuse@xxxxxxxxxx
> NNTP-Posting-Date: Sat, 5 May 2007 03:11:15 +0000 (UTC)
> User-Agent: G2/1.0
> X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
> SV1),gzip(gfe),gzip(gfe)
> X-HTTP-Via: 1.1 myproxy.com:3128 (squid/2.6.STABLE9)
> Complaints-To: groups-abuse@xxxxxxxxxx
> Injection-Info: u30g2000hsc.googlegroups.com;
> posting-host=202.xx.xx.xx (IP of my proxy);  
> posting-account=qJA5Sw0AAAAEwNnRGJ7bd6V3Qkylk050
> Xref: authen.puce.readfreenews.net alt.comp.freeware:544238
> 
> 
> Specialize in website design, web hosting, database design and
> internet marketing to improve your web position. Services include meta
> tag programming,online job and many more
> http://www.jobsnepal.info/idevaffiliate/idevaffiliate.php?id=1785
> 
> - -- 
> 
> 
> With best regards and good wishes,
> 
> Yours sincerely,
> 
> Tek Bahadur Limbu
> 
> (TAG/TDG Group)
> Jwl Systems Department
> 
> Worldlink Communications Pvt. Ltd.
> 
> Jawalakhel, Nepal
> 
> http://www.wlink.com.np

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level bandwidth-capped VPSes available in WA -
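
The access-log search suggested in the reply above, as an added example that is not part of the original thread: it converts the post's `Date` header to epoch seconds and lists the clients whose POST or CONNECT requests to the posting site were in flight around that time. It assumes Squid's native `access.log` format and a proxy clock roughly in sync with the news server; the log lines, client addresses, URL paths and the `slack` window are constructed for illustration.

```python
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time.ms elapsed_ms client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1178334301.512 210 10.0.0.17 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1178334672.904 1830 10.0.0.42 TCP_MISS/200 8344 POST http://groups.google.com/constructed/post - DIRECT/192.0.2.20 text/html
1178334673.100 95 10.0.0.17 TCP_HIT/200 900 GET http://groups.google.com/constructed/logo.gif - NONE/- image/gif
1178334675.250 60000 10.0.0.42 TCP_MISS/200 4000 CONNECT groups.google.com:443 - DIRECT/192.0.2.20 -
1178334690.007 420 10.0.0.99 TCP_MISS/200 2210 POST http://www.example.org/login - DIRECT/192.0.2.30 text/html
1178338000.000 600 10.0.0.55 TCP_MISS/200 7000 POST http://groups.google.com/constructed/post - DIRECT/192.0.2.20 text/html
truncated line
"""

def header_epoch(date_header):
    """Convert an RFC 2822 Date header value to UNIX epoch seconds."""
    return int(parsedate_to_datetime(date_header).timestamp())

def parse_line(line):
    """Parse one native-format line; return None if it is malformed."""
    f = line.split()
    try:
        ts, elapsed_ms, client, method, url = float(f[0]), int(f[1]), f[2], f[5], f[6]
        # CONNECT requests are logged as "host:port", everything else as a full URL.
        host = url.rsplit(":", 1)[0] if method == "CONNECT" else (urlsplit(url).hostname or "")
    except (IndexError, ValueError):
        return None
    return {"ts": ts, "elapsed_ms": elapsed_ms, "client": client,
            "method": method, "url": url, "host": host.lower()}

def find_posters(log_text, post_epoch, site="groups.google.com", slack=120):
    """Return (client, ts, method, url) for POST/CONNECT requests to `site`
    that were in flight within `slack` seconds of `post_epoch`."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("POST", "CONNECT"):
            continue
        if rec["host"] != site and not rec["host"].endswith("." + site):
            continue
        # Squid stamps the line when the request finishes; it began elapsed_ms earlier.
        start = rec["ts"] - rec["elapsed_ms"] / 1000.0
        if start - slack <= post_epoch <= rec["ts"] + slack:
            hits.append((rec["client"], rec["ts"], rec["method"], rec["url"]))
    return hits

if __name__ == "__main__":
    when = header_epoch("4 May 2007 20:11:14 -0700")  # Date header from the spam post
    for hit in find_posters(SAMPLE_LOG, when):
        print(*hit)
```
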
