[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [afnog] Squid 2.4

To: Mark Tinka <mtinka at africaonline.co.ug>
Subject: Re: [afnog] Squid 2.4
From: Brian Candler <B.Candler at pobox.com>
Date: Thu, 7 Aug 2003 15:24:55 +0100
Cc: afnog at afnog.org
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog at afnog.org
In-Reply-To: <015b01c35cdb$8eefa890$f50ab00a at afol.co.ug>;from mtinka at africaonline.co.ug on Thu, Aug 07, 2003 at 03:00:55PM +0300
List-Archive: <http://listserv4.cfi.co.ug/pipermail/afnog>
List-Help: <mailto:afnog-request at afnog.org?subject=help>
List-Id: The AfNOG general discussion list <afnog.afnog.org>
List-Post: <mailto:afnog at afnog.org>
List-Subscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=subscribe>
List-Unsubscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=unsubscribe>
References: <20030807104824.CB63F8AEAC at xmxpita.excite.com><015b01c35cdb$8eefa890$f50ab00a at afol.co.ug>
Sender: afnog-bounces at afnog.org
User-Agent: Mutt/1.2.5i

On Thu, Aug 07, 2003 at 03:00:55PM +0300, Mark Tinka wrote:
> 
>    Wouldn't you rather secure the server, either by ensuring no
>    unnecessary logins, usernames and passwords are available on the box
>    or better, making a clean install with the knowledge that you did a
>    neat job and know everything about the box?
>    
>    You can then resume your Squid service on the same IP [after
>    confirming with your upstream], or use another IP address you think
>    the don't filter.
>    
>    Either way, you need to feel secure about the security of your box.
>    There's no telling how much damage has been done if you feel it's been
>    compromised.

Good advice. However it could also be something simpler than that: you may
just have configured squid as an open proxy. If you do that, then people
will relay spam through it, and it will get blacklisted just like any other
spam source.

When you reinstall your box, read the squid docs carefully and make sure you
permit access only from *your* IP address range. Once that's done, you can
always post here and ask for someone to test it from their own IP, to check
that it does in fact refuse to serve as a proxy to people on other networks.

Regards,

Brian.
__________________________________________________
This is the Africa Network Operators' Group(AfNOG) 
technical discussion list.
The AfNOG website is: <http://www.afnog.org>

Follow-Ups:
- RE: [afnog] Squid 2.4
  - From: "Mark Tinka" <mtinka at africaonline.co.ug>

References:
- [afnog] Squid 2.4
  - From: "Dorcas Muthoni" <muthonid at excite.com>
- RE: [afnog] Squid 2.4
  - From: "Mark Tinka" <mtinka at africaonline.co.ug>
- RE: [afnog] Squid 2.4
  - From: "Mark Tinka" <mtinka at africaonline.co.ug>

Prev by Date: [afnog] Frequency license prices
Next by Date: RE: [afnog] Squid 2.4
Prev by thread: RE: [afnog] Squid 2.4
Next by thread: RE: [afnog] Squid 2.4
Index(es):
- Date
- Thread