Privoxy Hijacking

[arclyte]

Hello,

I've been doing some research into privoxy, but haven't been able to find what I'm looking for, so I'm hoping someone here might be able to throw their two cents in.

Recently, a site that I'm the webmaster for got a fraud order with a stolen credit card. We've traced the ip on it, and the host of that ip (a college) traced it back to a proxy server. That proxy server was privoxy run on a student's machine. This student is claiming that their IP address must have gotten leaked to the internet, as they had a boatload of traffic soon after running the proxy, that is, they didn't do it.

I got a copy of the privoxy log, but it doesn't tell me much... The log looks something like this:
Feb 20 16:55:02 Privoxy(01234) Request: www.linuxforums.org/forum/newthread.php

So I'm left wondering... Is this possible? Could someone hijack the proxy and filter their own requests through it? What would be required to do that? I'm pretty sure it was someone else on the same network who did it, but would a simple port scan or something let you know that an IP was running privoxy? And, is there any way to trace the origin of something that went through privoxy? If it's true that this person didn't do it, and was simply hijacked, have we now hit a dead end? Any info or speculations would be appreciated!

-Jim

[toto_lebolo]

If you expose your port to the world, in the default installation of privoxy anybody can use the proxy.

toto

[smolloy]

I realise this is a very old thread, but just in case anyone is still reading it, perhaps the privoxy user was also running a tor server, and had left the default configuration -- in other words, they were an exit node. In this case, they'd generate a huge amount of traffic, and a substantial amount of it would be "dodgy".