Shut squid down. It looks like your machine is being used as an open proxy server by the world. It might be advisable to unplug hte machine from the network since you are running a proxy server without knowing difference between a proxy server and web server and therefore unwillingly helping useless people on the net.
Tesla
From: Devon Harding - GTHLA <[EMAIL PROTECTED]>
To: 'Henrik Nordstrom' <[EMAIL PROTECTED]>
CC: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: [squid-users] Outgoing http request?
Date: Wed, 29 Jan 2003 09:36:46 -0500
Well looking at my access.log, I noticed that squid is accessing websites
that no users have requested. I have not allowed any users to access the
cache. These requests are coming from squid itself. I think its some kind
of worm or virus that has affected squid.
61.21.247.37 - - [29/Jan/2003:11:36:22 -0500] "GET
http://home.hanmir.com/%7Eueookjtsou/report/report0635.gif HTTP/1.0" 504
1069 TCP_MISS:NONE
219.106.192.133 - - [29/Jan/2003:11:36:26 -0500] "GET
http://home.hanmir.com/~mrtu82bv3/ss2_0744.jpg HTTP/1.0" 504 1045
TCP_MISS:NONE
67.85.244.205 - - [29/Jan/2003:11:36:38 -0500] "POST
http://www.sparkfind.com/cgi-bin/search/smartsearch.cgi HTTP/1.0" 504 1063
TCP_MISS:NONE
219.98.86.182 - - [29/Jan/2003:11:36:42 -0500] "GET
http://www.directpornstar.com/dmay/n1/WWL01_1051.gif HTTP/1.0" 504 1057
TCP_MISS:NONE
219.181.160.56 - - [29/Jan/2003:11:36:46 -0500] "GET
http://home.hanmir.com/%7Eyabwweo487/egg0412.jpg HTTP/1.0" 504 1049
TCP_MISS:NONE
200.198.194.146 - - [29/Jan/2003:11:36:52 -0500] "GET
http://www.topmoxie.com/external/builds/common/equivalent_domains.htm
HTTP/1.0" 504 1096 TCP_MISS:NONE
218.222.245.221 - - [29/Jan/2003:11:37:10 -0500] "GET
http://210.138.105.147/0616/anime66/anime6601-23.zip HTTP/1.1" 504 1057
TCP_MISS:NONE
165.76.120.115 - - [29/Jan/2003:11:37:40 -0500] "GET
http://home.hanmir.com/~roninman/bijin0289.jpg HTTP/1.0" 504 1045
TCP_MISS:NONE
-Devon
-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 28, 2003 9:23 PM
To: Devon Harding - GTHLA
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: Re: [squid-users] Outgoing http request?
???
Squid is not a web server. Squid is a proxy. If you have users using the
Squid proxy then each request sent by these users to the proxy will
result in a HTTP request sent by Squid.
Regards
Henrik
Devon Harding - GTHLA wrote:
>
> I noticed in my log, I have out going http request from my squid web
> servers.
>
> No one is on this machine, how are these requests being initiated? Is this
a
> hack attempt?
>
> System is rhl7.3
>
> _____________________
> Devon Harding
> System Administrator
> Gilat Latin America
> 954-858-1600
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> This e-mail is intended for the above named addressee(s), and may contain
> information which is confidential or privileged. If you are not the
intended
> recipient, please inform us immediately: you should not copy or use this
> e-mail for any purpose nor disclose its contents to any person.
>
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
