
Re: Squid Proxy Hijacked By Hackers in China




> Thanks very much. I think I've got it working now. Below is a snippet from
> my access log. Looks like they're being denied, right?

Yep, they are being blocked now :-)

> Also, these lines
> appear in my cache.log:
>
> 2008/05/27 17:38:17| WARNING: suspicious HTTP request contains double CR
> 2008/05/27 17:38:17| clientProcessRequest: Invalid Request
>
> Is that okay?
>

Sort of. It was a bug fixed in 3.0.STABLE5. A slightly over-enthusiastic
security measure. It's only an issue for you if those were desired
requests. If you find it's causing problems getting any objects on your
site you will need a later version of 3.0.

>
>
> access.log snippet
> ==================
> 1211935075.466      0 87.80.92.213 TCP_DENIED/403 379 HEAD
> http://members.purecfnm.com/ - NONE/- text/html
> 1211935075.473      0 87.80.92.213 TCP_DENIED/403 379 HEAD
> http://members.purecfnm.com/ - NONE/- text/html
> 1211935075.485      0 219.236.102.44 TCP_DENIED/403 1847 GET
> http://www.google.cn/ - NONE/- text/html
> 1211935097.147      0 217.20.115.156 NONE/400 2431 GET error:double-CR -
> NONE/- text/html
> 1211935075.540      0 80.80.3.130 TCP_DENIED/403 2281 GET
> http://fly.emirates.com/ - NONE/- text/html
> 1211935075.551      0 87.80.92.213 TCP_DENIED/403 379 HEAD
> http://members.purecfnm.com/ - NONE/- text/html
> 1211935075.608      0 87.80.92.213 TCP_DENIED/403 379 HEAD
> http://members.purecfnm.com/ - NONE/- text/html
> 1211935075.609      0 78.109.30.208 TCP_DENIED/403 2492 GET
> http://wap-top.ru/top/count.php? - NONE/- text/html
> 1211935075.613      0 87.80.92.213 TCP_DENIED/403 379 HEAD
> http://members.purecfnm.com/ - NONE/- text/html
> 1211935075.619      0 123.19.141.173 TCP_DENIED/403 2179 GET
> http://l01.member.mud.yahoo.com/config/pwtoken_get? - NONE/- text/html
> 1211935075.651      0 80.80.3.130 TCP_DENIED/403 2281 GET
> http://fly.emirates.com/ - NONE/- text/html
> 1211935075.879      0 221.219.135.93 TCP_DENIED/403 2295 GET
> http://afe.specificclick.net/? - NONE/- text/html
>
> Chris-
>
> --- On Tue, 5/27/08, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
>
>> From: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
>> Subject: Re:  Squid Proxy Hijacked By Hackers in China
>> To: badaboom003-asdf@xxxxxxxxx
>> Cc: squid-users@xxxxxxxxxxxxxxx
>> Date: Tuesday, May 27, 2008, 3:11 PM
>> On tis, 2008-05-27 at 14:44 -0700,
>> badaboom003-asdf@xxxxxxxxx wrote:
>> > Hi,
>> >
>> > I upgraded to 3.0. The access log got blown away when
>> > I upgraded... Is the following configuration correct for
>> > 3.0? Am I missing anything necessary for security?
>>
>> For completeness I would also use never_direct allow all. It shouldn't
>> be needed, but also doesn't hurt and gives you additional security just
>> in case.
>>
>> Regards
>> Henrik
>
>
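An added example, not part of the original thread: one way to check an access.log like the snippet above is to split each native-format line and separate requests Squid refused (TCP_DENIED), requests it rejected as invalid (NONE/4xx, such as the double-CR entry), and requests it actually served. The first five sample lines are taken from the snippet with the wrapped lines rejoined; the last line (203.0.113.7, example.com) is constructed to show what a served request looks like.

```python
from collections import Counter

# Squid native access.log fields, in order:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1211935075.466      0 87.80.92.213 TCP_DENIED/403 379 HEAD http://members.purecfnm.com/ - NONE/- text/html
1211935075.485      0 219.236.102.44 TCP_DENIED/403 1847 GET http://www.google.cn/ - NONE/- text/html
1211935097.147      0 217.20.115.156 NONE/400 2431 GET error:double-CR - NONE/- text/html
1211935075.540      0 80.80.3.130 TCP_DENIED/403 2281 GET http://fly.emirates.com/ - NONE/- text/html
1211935075.551      0 87.80.92.213 TCP_DENIED/403 379 HEAD http://members.purecfnm.com/ - NONE/- text/html
1211935080.000    212 203.0.113.7 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
"""

def parse_line(line):
    """Split one native-format line into a dict; return None if malformed."""
    parts = line.split()
    if len(parts) < 10 or "/" not in parts[3]:
        return None
    code, _, status = parts[3].partition("/")
    if not status.isdigit():
        return None
    return {"client": parts[2], "code": code, "status": int(status),
            "method": parts[5], "url": parts[6],
            "hierarchy": parts[8].split("/")[0]}

def summarize(log_text):
    """Return (denied, rejected, served) for a block of access.log text."""
    denied = Counter()    # client -> requests refused by access controls
    rejected = Counter()  # client -> other error responses (e.g. NONE/400)
    served = []           # entries answered with a non-error status
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["code"].startswith("TCP_DENIED"):
            denied[entry["client"]] += 1
        elif entry["status"] >= 400:
            rejected[entry["client"]] += 1
        else:
            served.append(entry)
    return denied, rejected, served

if __name__ == "__main__":
    denied, rejected, served = summarize(SAMPLE_LOG)
    print("denied:", denied.most_common())
    print("rejected:", rejected.most_common())
    for e in served:
        print("SERVED:", e["client"], e["method"], e["url"], e["hierarchy"])
```

On a proxy that should no longer relay for outside clients, any entry in the served list from an address outside your own networks is the thing to investigate.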


