PROXY-ABUSE (Apache/Linux) - HELP and INFO wanted

PROXY-ABUSE (Apache/Linux) - HELP and INFO wanted

Post by Marc Moelle » Sun, 11 Jun 2000 04:00:00



hi,

on my webserver I get on _ALL_ (!) virtual host(-IPs) proxy-request
on port 80 in the form

"GET http://somewhere.else/cgi-bin/bannerbin.cfg?47049920011 HTTP/1.0"

these are mostly cgi-bin-reguest, often to banner-ads.
does anyone else notice such requests on her/his weblogs ?

the requests are originated _FROM ALL OVER THE WORLD_ (.uu.net, .ru,
...), often dialup-accounts.

I started rejecting IP-addresses, but my real question is:
WHERE/WHY DO THESE REQUEST COME FROM ?

any clues/help appreciated.

TIA
Marc M.

 
 
 

PROXY-ABUSE (Apache/Linux) - HELP and INFO wanted

Post by <da.. » Sun, 11 Jun 2000 04:00:00


User-Agent: tin/1.4.2-20000205 ("Possession") (UNIX) (Linux/2.2.14-5.0 (i586))


Quote:> on my webserver I get on _ALL_ (!) virtual host(-IPs) proxy-request
> on port 80 in the form
> "GET http://somewhere.else/cgi-bin/bannerbin.cfg?47049920011 HTTP/1.0"
> these are mostly cgi-bin-reguest, often to banner-ads.
> does anyone else notice such requests on her/his weblogs ?
> the requests are originated _FROM ALL OVER THE WORLD_ (.uu.net, .ru,
> ...), often dialup-accounts.
> I started rejecting IP-addresses, but my real question is:
> WHERE/WHY DO THESE REQUEST COME FROM ?
> any clues/help appreciated.

Turn off your proxy for outside addresses. Someone is using your machine
to relay click-thru's and is probably being paid for each hit.

--
Danny Aldham     Providing Certified Internetworking Solutions to Business
www.postino.com  E-Mail, Web Servers, Web Databases, SQL PHP & Perl

 
 
 

PROXY-ABUSE (Apache/Linux) - HELP and INFO wanted

Post by Hans Svensso » Thu, 15 Jun 2000 04:00:00


Could another explanation be that bannerclicks need to come from different
hosts to bring the advertiser the money?

I too have a server that gets alot of this traffic. I didn't understand why
until a day one of our net administrators told me to close my anonymous proxy
as it had been listed on a web page among many others. So, keep restrictions
on your proxy. It might also help to add the mod_proxy_add_forward module to
Apache, giving requests an extra header telling where the real request come
from.

Right now I'm thinking of a way to make some money myself on all these
unwanted requests I'm still getting...

//Hans

 
 
 

1. Apache and www proxy server info wanted

Following is my environment,

SunOS: 4.1.4
hostname: mars
WWW Server: Apache 1.0.1

mars connects to my ISP and users on mars can browse the web.
I have two systems venus and earth connected to mars.
Users on earth and venus cannot directly browse the web, they
have to login to mars and then use a browser. Is there something
I can install on mars that will enable users on earth and venus
to use a browser directly? Heard that I have to install a proxy
server but wasn't sure if Apache already supported it.

Please respond by email.

--


The Dalmatian Group Inc.        | Home page: http://www.jagunet.com/~mahesh/
  User Interface Specialists    | FAQ Maintainer of TeleUSE GUI Builder

2. Odd download speed difference

3. Apache abuse (as a proxy)

4. Sam Richards, a bigger moron !

5. Help wanted:Apache 1.3, Proxy Block & Error Message

6. Comments on JFH II's Shadow passwords software

7. Proxy recommendations & Squid configuration info wanted

8. bootpd for solaris

9. http proxy - CERN info wanted

10. Apache with access control vs proxy (Not apache AS proxy)

11. Doom + Abuse + Abuse + Chess + EMACS + Netscape = no problem!

12. apache as reverse proxy: HowTo wanted!

13. Networked stand-alone Linux info wanted, HELP !!!