  1. #1
    Linux Newbie SagaciousKJB's Avatar
    Join Date
    Aug 2007
    Location
    Yakima, WA
    Posts
    162

    Dealing with abuse from huge range of IPs


    Well, I messed up configuring a proxy on apache, and now I'm finding myself the target of a lot of nefarious people trying to use it as a proxy to various websites. Thankfully I caught it early, but even though I've completely shut off the proxying aspect of it and have checked thoroughly that I'm no longer compromised, I'm still being targeted like crazy.

    I'm not sure what to do about it. So far I've just been gathering the IPs and blocking them, but no matter what I do there are hundreds of new ones each day. I've already gathered up over 2,700 different hosts to block, and it's becoming unmanageable.

    I'm considering just taking my apache server offline since all I do is host graphics and a blog off of it, but I don't want to give up.

    Does anyone have some advice?

  2. #2
    Just Joined! Feeyo's Avatar
    Join Date
    Apr 2010
    Posts
    54
    Check out what they are targeting exactly. There is a possibility your box is being used as a server hosting underground scene stuff. Keep your bandwidth monitoring up.

    If there is a lot of bandwidth activity I would put the server down, reinstall and maybe even use another IP address for your server/domain.

  3. #3
    Linux Newbie SagaciousKJB's Avatar
    Join Date
    Aug 2007
    Location
    Yakima, WA
    Posts
    162
    Quote Originally Posted by Feeyo View Post
    Check out what they are targeting exactly. There is a possibility your box is being used as a server hosting underground scene stuff. Keep your bandwidth monitoring up.

    If there is a lot of bandwidth activity I would put the server down, reinstall and maybe even use another IP address for your server/domain.
    Well they're targeting Apache as a proxy.

    You can set Apache up to act as a proxy. I was doing this so I could host using multiple servers and just one site, but the problem is that I misconfigured it, and the proxy became open to everyone, and soon I noticed that there were all sorts of people using it as a proxy to various websites, usually advertising or gambling sites and stuff like that.

    So instead of keeping the proxy configured and open since I don't know what it was I did wrong, I shut off the proxy portion of it completely. However, all these people that were trying to use my proxy are now just getting errors because they're still sending requests to the server regardless of whether it's successful.

    I kind of wanted to see if there was a way to solve it on the Apache side but I don't really know too much about Apache.

  4. #4
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    Things will probably quiet down now that you are no longer running the service. Are they using a lot of bandwidth, or filling the logs with error messages?

  5. #5
    Just Joined! Feeyo's Avatar
    Join Date
    Apr 2010
    Posts
    54
    I agree: if they were using your HTTP as a proxy, it will quiet down after a while.
    Look at Varnish; this is a really nice project that will get exactly what you want.

  6. #6
    Just Joined!
    Join Date
    May 2010
    Location
    San Diego / Tijuana
    Posts
    4
    Check out fail2ban as well. I have it set up so that anyone probing in the wrong place automatically gets a 24 hour ban. It doesn't take long reading the logs to see the links that the bots are probing for.
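
Added example, not part of the original thread or any poster's code: a short log check that finds the clients still sending proxy-style requests (a `CONNECT`, or a `GET` with a full URL for a foreign host) after the proxy has been switched off, which is the kind of pattern an automatic ban rule would key on. The host name `blog.example.com`, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Absolute-URI request target, e.g. "http://some.host/path".
ABS_URI_RE = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.IGNORECASE)

def is_proxy_attempt(method, target, own_hosts):
    """True if the request line asks this server to relay traffic elsewhere."""
    if method == "CONNECT":
        return True  # tunnel request; never valid on a plain web server
    m = ABS_URI_RE.match(target)
    if m:  # absolute form is only legitimate when it names our own host
        return m.group(1).lower() not in own_hosts
    return False  # ordinary origin-form request such as /blog/

def proxy_abusers(lines, own_hosts, threshold=2):
    """Return {ip: count} for clients with at least `threshold` proxy attempts."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_proxy_attempt(m["method"], m["target"], own_hosts):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample lines (documentation IP ranges, made-up host names).
SAMPLE = [
    '203.0.113.7 - - [12/May/2010:10:01:02 -0700] "GET http://ads.example.net/click?id=1 HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [12/May/2010:10:01:03 -0700] "CONNECT mail.example.org:25 HTTP/1.0" 405 231 "-" "-"',
    '198.51.100.23 - - [12/May/2010:10:02:10 -0700] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/May/2010:10:02:11 -0700] "GET http://blog.example.com/index.html HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.50 - - [12/May/2010:10:03:00 -0700] "GET http://casino.example.net/ HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for ip, n in sorted(proxy_abusers(SAMPLE, {"blog.example.com"}).items()):
        print(f"{ip} made {n} proxy-style requests")
```

Counting per client before acting keeps a single stray request from triggering a block, and the own-host check avoids flagging clients that legitimately send the site's full URL in the request line.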
