Hi,
I have a website that sits behind squid 2.5 and it got hacked into today. Someone from this IP address,
200.148.134.206, has put a few files into my website through squid. The content of the index.html is
"Simiens Crew 2004 Ownz U"
Here is the log from squid
1094326387.752 899375 200.148.134.206 TCP_MISS/000 0 PUT http://<hostname>/index.html - DIRECT/<my website ip adress> -
Can any of you give me some insight into this problem, and how to tighten my squid server down?

See previous post and add the following to your squid config:
add the below to your ACL section
acl GETONLY method GET
add this one to the *beginning* of your http_access section
http_access deny !GETONLY
Note that this will STOP all requests that are not GETs. This is an extreme approach. A better way might be to list all valid IPs you expect and then
http_access deny !VALIDIPS
Also use authentication esp. if you are providing a public proxy service.
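As an added example (not part of either post and not Squid's own tooling), the Python below scans a Squid native-format access.log for the requests the `http_access deny !GETONLY` rule above would have refused: any non-GET request that Squid did not deny. The function names, the `allowed_clients` parameter and all sample lines except the first, which is the entry quoted in the question, are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample log. Line 1 is the entry quoted in the question (placeholders kept);
# the remaining lines use documentation-range addresses and are made up.
SAMPLE_LOG = """\
1094326387.752 899375 200.148.134.206 TCP_MISS/000 0 PUT http://<hostname>/index.html - DIRECT/<my website ip adress> -
1094326401.120 35 192.0.2.10 TCP_HIT/200 5120 GET http://www.example.test/index.html - NONE/- text/html
1094326455.310 212 198.51.100.7 TCP_MISS/201 0 PUT http://www.example.test/x.html - DIRECT/203.0.113.5 -
1094326460.000 12 192.0.2.10 TCP_DENIED/403 1400 DELETE http://www.example.test/a - NONE/- text/html
garbage line
"""

def parse_line(line):
    """Parse the first seven fields of a native access.log line; None if malformed."""
    parts = line.split()
    if len(parts) < 7 or "/" not in parts[3]:
        return None
    try:
        ts = datetime.fromtimestamp(float(parts[0]), tz=timezone.utc)
    except ValueError:
        return None
    result, _, status = parts[3].partition("/")
    return {"time": ts, "client": parts[2], "result": result,
            "status": status, "method": parts[5], "url": parts[6]}

def find_non_get_requests(log_text, allowed_clients=frozenset()):
    """Return non-GET requests that Squid did not deny, excluding allow-listed clients."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] == "GET":
            continue
        if rec["result"] == "TCP_DENIED" or rec["client"] in allowed_clients:
            continue
        hits.append(rec)
    return hits

def summarize(hits):
    """Count forwarded non-GET requests per client IP."""
    return Counter(h["client"] for h in hits)

if __name__ == "__main__":
    for h in find_non_get_requests(SAMPLE_LOG):
        print(h["time"].isoformat(), h["client"], h["method"], h["url"],
              h["result"] + "/" + h["status"])
```

Running it before and after the ACL change shows whether non-GET requests are still being forwarded; entries logged as `TCP_DENIED` are skipped because Squid already refused them.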
