[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [afnog] Squid 2.4



On Thu, Aug 07, 2003 at 03:00:55PM +0300, Mark Tinka wrote:
> 
>    Wouldn't you rather secure the server, either by ensuring no
>    unnecessary logins, usernames and passwords are available on the box
>    or better, making a clean install with the knowledge that you did a
>    neat job and know everything about the box?
>    
>    You can then resume your Squid service on the same IP [after
>    confirming with your upstream], or use another IP address you think
>    the don't filter.
>    
>    Either way, you need to feel secure about the security of your box.
>    There's no telling how much damage has been done if you feel it's been
>    compromised.

Good advice. However it could also be something simpler than that: you may
just have configured squid as an open proxy. If you do that, then people
will relay spam through it, and it will get blacklisted just like any other
spam source.

When you reinstall your box, read the squid docs carefully and make sure you
permit access only from *your* IP address range. Once that's done, you can
always post here and ask for someone to test it from their own IP, to check
that it does in fact refuse to serve as a proxy to people on other networks.

Regards,

Brian.
__________________________________________________
This is the Africa Network Operators' Group(AfNOG) 
technical discussion list.
The AfNOG website is: <http://www.afnog.org>