RE: [afnog] Squid 2.4

["Mark Tinka" <mtinka at africaonline.co.ug>]

Title: Message

Wouldn't you rather secure the server, either by ensuring no unnecessary logins, usernames and passwords are available on the box or better, making a clean install with the knowledge that you did a neat job and know everything about the box?

 

You can then resume your Squid service on the same IP [after confirming with your upstream], or use another IP address you think the don't filter.

 

Either way, you need to feel secure about the security of your box. There's no telling how much damage has been done if you feel it's been compromised.

 

Regards,

Mark Tinka - CCNA
Network Engineer, Africa Online Uganda

-----Original Message-----
From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of Dorcas Muthoni
Sent: Thursday, August 07, 2003 1:48 PM
To: afnog at afnog.org
Subject: [afnog] Squid 2.4

I have a problem with squid at one of my sites.

Squid is running as root and nobody (FreeBSD).When i start squid,it starts with two other sub-processes: (squid)(squid) and (unlinkd)(unlinkd) both owned by nobody. I have noticed that requests made from this server do not go past our national backbone and on contacting my service provider (the backbone) they said that a filter had been put on this IP. Now i am sure one squid is not legitimate because he says that a squid running on that IP has been compromised.

I need to know which is and how to stop the wrong squid and bar anyone from starting such a service.It is likely to be an internal person.

---

Express Yourself - Share Your Mood in Emails! Visit www.SmileyCentral.com - the happiest place on the Web.

__________________________________________________
This is the Africa Network Operators' Group(AfNOG) 
technical discussion list.
The AfNOG website is: <http://www.afnog.org>