> Is this true then that they can't check or are they basically saying we
> can't be bothered cause there's too much going through and it doesn't
> justify the man hours to check it your wee problems.

I think that's entirely down to the config of the proxy. Most proxies handling any reasonable number of requests will generate a huge amount of log info (I seem to remember talking to a sysadmin who administered squid caches which generated over 80MB logs per day). Due to this I can see that some would be tempted to just say 'to heck with it' and either turn logging off, or keep only a day or two's worth of log info. Of course, depending on the law in your country, you may be legally obliged to keep logs, but that's another issue.

One thing that might be worth checking is whether the ISP's web proxy is setting any kind of 'X-Forwarded-For' HTTP header (I know squid can be configured to do this). If this is the case, then I believe you can use mod_perl to capture the IP the requests are being forwarded for in your logs instead of the proxy IP ... maybe this will be of more use in tracking down the perpetrator.

Regards,
John

P.S. What exactly are you referring to when you say '/etc/password hack'?

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
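
Added example, not part of the original message: a Python sketch of the logging decision discussed above, which records the forwarded address only when the connection really comes from a known proxy, since any direct client can send its own X-Forwarded-For header. The proxy address, the sample values and the names `TRUSTED_PROXIES`, `is_trusted` and `client_ip` are assumptions made for illustration.

```python
import ipaddress

# Constructed value: address of the ISP proxy whose header is believed.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def is_trusted(addr):
    """True if addr parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff):
    """Return the address to write to the access log.

    peer: TCP peer address the web server saw.
    xff:  raw X-Forwarded-For header value, or None.
    """
    # The header is client-controlled unless the peer is a known proxy,
    # so a direct connection is always logged under its peer address.
    if not xff or not is_trusted(peer):
        return peer
    # Each proxy appends the address it received the request from, so
    # walk right to left and stop at the first hop that is not a proxy.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer  # e.g. "unknown": nothing usable, keep the peer
        if not is_trusted(hop):
            return hop
    return peer  # every listed hop was itself a trusted proxy


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For value).
    samples = [
        ("192.0.2.10", "203.0.113.7"),
        ("198.51.100.4", "10.0.0.1"),
        ("192.0.2.10", "1.2.3.4, 203.0.113.7"),
        ("192.0.2.10", "unknown"),
    ]
    for peer, xff in samples:
        print(f"peer={peer} xff={xff!r} logged_as={client_ip(peer, xff)}")
```

Logging the peer address alongside the resolved one keeps the original evidence available if the header later turns out to be unreliable.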
