Date:      Mon, 19 May 2003 15:54:19 -0300
From:      Antonio Torres <antonio.torres@newspace.net.br>
To:        freebsd-isp@freebsd.org
Subject:   Re: Illegal use of my server??
Message-ID:  <20030519155419.4a37c6de.antonio.torres@newspace.net.br>
In-Reply-To: <501EEBD0-8A27-11D7-8061-000393D5E5DA@hub3.net>
References:  <523443F2-8A26-11D7-A0BC-003065BA9B36@titania.net> <501EEBD0-8A27-11D7-8061-000393D5E5DA@hub3.net>


*Any* misconfigured HTTP proxy can be used for mail relay ...

Squid, Apache+mod_proxy, delegate ...

A simple "CONNECT xxx.yyy.zzz.ttt:25 HTTP/1.0" can put your proxy (or your IP) in trouble (or in an RBL)....


For *any* kind of proxy:

   Read the manual!
   Search Google for tips & tricks

   Be paranoid:
        use ipfw (or another 'firewall') to add an extra level of security/filtering

   Be more paranoid: read the logs!!


[]s


On Mon, 19 May 2003 11:25:48 -0700
Bryan Vyhmeister <bsd@hub3.net> wrote:

> I don't quite understand what happened. How was Squid used to relay 
> mail? I'm glad this thread came up because I am just about to deploy a 
> Squid cache.
> 
> Bryan
> 
> On Monday, May 19, 2003, at 11:18 AM, Joseph T. Klein wrote:
> 
> > The Squid package and port should have a *big* warning sign on them
> > about this.
> > I know of at least one network that was blacklisted due to the lack of
> > tight ACLs on Squid.
> >
> > On Monday, May 19, 2003, at 01:09  PM, Tony Saign wrote:
> >
> >> Any legal gurus out there??
> >>
> >> Long story, but I'll summarize;
> >>
> >> On Friday 05/16 my T1 went down.
> >> In troubleshooting attempts it was discovered that a machine, on my
> >> network was being used maliciously.
> >> Not hacked, but Squid was being used to relay mail (i.e. SPAM).
> >> The machine was immediately brought down, and Squid was disabled.
> >>
> >> I received a call from my ISP, and they are NOT happy.
> >> Looking @ the logs, it appears that several thousand SPAM emails may
> >> have been sent.
> >>
> >> What should I do? Can I pursue each ISP in attempts to track down the
> >> guilty parties?
> >> Can I take any legal action against them?
> >> This is the last straw! I'm so frickin' sick of SPAM, and now people
> >> potentially got some w/ my IP address!
> >> Grrr!!!
> >>
> >> Any suggestions, advice would be greatly appreciated.
> >>
> >>


-- 
Antonio Torres
antonio.torres@newspace.net.br
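
Added example, not part of the original message or of Squid itself: one way to act on the "read the logs" advice is to scan a Squid native-format access.log for CONNECT requests to ports other than HTTPS, such as the port 25 tunnel quoted above. The allowed-port set, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Ports the proxy is expected to tunnel to with CONNECT (assumption: HTTPS
# only; adjust to match the port ACLs in your own proxy configuration).
ALLOWED_CONNECT_PORTS = {443}

# Squid native access.log: time elapsed client action/status bytes method URL ...
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

def connect_port(url):
    """Return the port of a CONNECT target ("host:port"), or None if absent."""
    host, sep, port = url.rpartition(":")
    return int(port) if sep and port.isdigit() else None

def find_tunnel_abuse(lines, allowed=ALLOWED_CONNECT_PORTS):
    """Yield (client, target, status) for CONNECTs to ports outside `allowed`.

    A target with no parsable port is reported too, since it is not a
    normal HTTPS tunnel request.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        if connect_port(m["url"]) not in allowed:
            yield m["client"], m["url"], int(m["status"])

def summarize(lines):
    """Count, per (client, target), the tunnels the proxy let through (2xx)."""
    hits = Counter()
    for client, target, status in find_tunnel_abuse(lines):
        if 200 <= status < 300:
            hits[(client, target)] += 1
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
1053370459.101    812 203.0.113.7 TCP_MISS/200 1532 CONNECT 192.0.2.25:25 - DIRECT/192.0.2.25 -
1053370460.334    790 203.0.113.7 TCP_MISS/200 1498 CONNECT 192.0.2.25:25 - DIRECT/192.0.2.25 -
1053370461.020     95 10.0.0.12 TCP_MISS/200 4120 CONNECT www.example.org:443 - DIRECT/198.51.100.4 -
1053370462.577      3 203.0.113.9 TCP_DENIED/403 1042 CONNECT 192.0.2.26:25 - NONE/- text/html
1053370463.900    120 10.0.0.12 TCP_MISS/200 9001 GET http://www.example.org/ - DIRECT/198.51.100.4 text/html
""".splitlines()

if __name__ == "__main__":
    for (client, target), n in summarize(SAMPLE_LOG).most_common():
        print(f"{client} tunnelled to {target} {n} time(s)")
```

Any 2xx entry in the summary means the proxy completed a tunnel to a non-HTTPS port; TCP_DENIED entries from `find_tunnel_abuse` show attempts that the ACLs already blocked.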


