On Monday 12 August 2013 at 09:18:24, PSA4444 wrote:
> We are seeing entries like this in our squid access log:
>
> 1376290358.781 151 198.2.208.203 TCP_MISS/200 916 GET
> http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18
> text/html

People (or rather, bots) searching for open proxies...

> How can this one even happen:
> 1376291144.757 879 216.244.78.166 TCP_MISS/302 1057 GET
> http://203.208.46.128/search? - HIER_DIRECT/203.208.46.128 text/html ?

The URL (in this case, an IP address) you see in the GET request is not
necessarily the same as the IP they connected to...

> No idea what this means. I know I could add entries like this by creating
> a hosts file entry to point fake.domain.com to our server but surely it's
> not people doing this?

Bots.

Is there a good reason why your Squid is listening on a public IP address?

Antony.

-- 
"Once you have a panic, things tend to become rather undefined." - murble

Please reply to the list; please don't CC me.

Received on Mon Aug 12 2013 - 07:56:52 MDT
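
An added example, not part of the original thread: a small Python check that reads native-format access.log lines and lists requests Squid forwarded upstream for clients outside the networks meant to use it. The trusted ranges and the third sample line are assumptions made for illustration; the first two lines are the entries quoted above.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the networks whose clients are supposed to use this proxy.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# First two lines are from the thread; the third is constructed.
SAMPLE_LOG = """\
1376290358.781 151 198.2.208.203 TCP_MISS/200 916 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html
1376291144.757 879 216.244.78.166 TCP_MISS/302 1057 GET http://203.208.46.128/search? - HIER_DIRECT/203.208.46.128 text/html
1376291200.100 42 192.168.1.20 TCP_MISS/200 2048 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
"""

def parse_line(line):
    """Split one native-format access.log line into the fields used here."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    _, _, peer = f[8].partition("/")  # hierarchy code / upstream host
    return {"client": f[2], "code": code, "status": status,
            "url": f[6], "peer": peer}

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def relayed_for_outsiders(log_text):
    """Return (client, requested host, upstream peer) for every request that
    an untrusted client got Squid to forward to an upstream server."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        try:
            trusted = is_trusted(entry["client"])
        except ValueError:  # client field is not an IP address
            continue
        # A peer of "-" means nothing was forwarded (e.g. TCP_DENIED).
        if not trusted and entry["peer"] != "-":
            host = urlsplit(entry["url"]).hostname or entry["url"]
            hits.append((entry["client"], host, entry["peer"]))
    return hits

if __name__ == "__main__":
    for client, host, peer in relayed_for_outsiders(SAMPLE_LOG):
        print(f"{client} used the proxy to reach {host} (via {peer})")
```

Both entries from the thread are reported because the proxy fetched the requested URL on behalf of an outside client; the requested host comes from the URL in the request line, not from the address the client connected to.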