Search squid archive

Someone's using my cache?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



New user of squid. Used it many years ago but things have changes. I set up a proxy recently then forgot about it as I had other jobs to take care of. Seems I left it running but only had a couple of sites with IPs to the cache for testing.

Yesterday, I wanted to get back to the cache and saw a great deal of traffic I/O on the cache but the weird part was that none of it was for or on my network. It looked like I've been used as some sort of payment gateway for a short while :). 
Anyhow, I do have firewall security in place, there was no compromise of the server itself so how in the heck was this happening? I kept the logs but being new to squid, means nothing to me just yet. 

Here is my very basic setup file, maybe it's something silly I did, like the last line that says let anyone in. I would appreciate input on this, thanks very much.

Mike


cache_mgr support@xxxxx
visible_hostname ca35.xxxxx
cache_dir ufs /var/spool/squid 1000000 16 256
cache_mem 768 MB
maximum_object_size_in_memory 64 KB
hosts_file /etc/hosts

http_port 80 transparent
http_port 443 transparent

acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80 443
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl accel_hosts dst 192.168.1.40
http_access     allow accel_hosts
http_access     allow manager localhost
http_access     deny manager
http_access     allow all
deny_info http://www.xxxxxx.com/ all

logformat       combined %{Host}>h %>a %ui %un [%tl] "%rm %ru  HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logformat       vcombined %{Host}>h %>a %ui %un [%tl] "%rm %ru  HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h"
access_log      /var/spool/squid/log/access.log combined
access_log      /var/spool/squid/log/vaccess.log vcombined
cache_store_log /var/spool/squid/log/store.log
cache_log       /var/spool/squid/log/cache.log

icp_access                      allow all
cache_effective_group           squid
coredump_dir                    /var/spool/squid
forwarded_for                   on
emulate_httpd_log               on
redirect_rewrites_host_header   off
buffered_logs                   on
cache_effective_user            squid
cachemgr_passwd xxxxxxxxxxxxxxxxxx all



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux