  1. #1 (Just Joined!; Join Date: Jan 2006; Posts: 2)

    Privoxy Hijacking


    Hello,

    I've been doing some research into Privoxy, but haven't been able to find what I'm looking for, so I'm hoping someone here might be able to throw their two cents in.

    Recently, a site that I'm the webmaster for got a fraud order with a stolen credit card. We've traced the IP on it, and the host of that IP (a college) traced it back to a proxy server. That proxy server was Privoxy run on a student's machine. This student is claiming that their IP address must have gotten leaked to the internet, as they had a boatload of traffic soon after running the proxy; that is, they didn't do it.

    I got a copy of the Privoxy log, but it doesn't tell me much. The log looks something like this:
    Feb 20 16:55:02 Privoxy(01234) Request: www.linuxforums.org/forum/newthread.php

    So I'm left wondering: is this possible? Could someone hijack the proxy and filter their own requests through it? What would be required to do that? I'm pretty sure it was someone else on the same network who did it, but would a simple port scan or something let you know that an IP was running Privoxy? And is there any way to trace the origin of something that went through Privoxy? If it's true that this person didn't do it, and was simply hijacked, have we now hit a dead end? Any info or speculation would be appreciated!

    -Jim

  2. #2 (Just Joined!; Join Date: Jan 2007; Posts: 1)
    If you expose your port to the world, in the default installation of Privoxy anybody can use the proxy.

    toto
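The reply above comes down to two Privoxy config directives: `listen-address` decides which interface the proxy binds to, and `permit-access`/`deny-access` are the only client ACL. With no `permit-access` lines, every client that can reach the listening socket may use the proxy. The script below is an added example, not code from any poster in this thread or from the Privoxy project; it parses two constructed config fragments (one exposed, one restricted), flags the open-proxy combination, and shows which client addresses the ACL would accept. The directive names are real Privoxy keywords; the assumed default bind address of 127.0.0.1:8118 and the simplified ACL evaluation (source column only, deny checked before permit) are assumptions of this example.

```python
"""Audit a Privoxy config for exposure: is the listener reachable beyond
loopback, and if so, is access restricted with permit-access/deny-access?

Added example for this thread; not Privoxy's own code.  The directive
names (listen-address, permit-access, deny-access, enable-remote-toggle,
enable-edit-actions) are real Privoxy config keywords; both sample
configs are constructed for illustration.
"""
import ipaddress
import re

WEAK_CONFIG = """\
# constructed sample: binds every interface, no ACL, remote controls on
listen-address  0.0.0.0:8118
enable-remote-toggle 1
enable-edit-actions 1
"""

FIXED_CONFIG = """\
# constructed sample: same host, restricted to the LAN, one host excluded
listen-address  192.168.1.10:8118
permit-access   192.168.1.0/24
deny-access     192.168.1.200
enable-remote-toggle 0
enable-edit-actions 0
"""

_DIRECTIVE = re.compile(r"^\s*([a-z-]+)\s+(.*?)\s*$")


def parse_config(text):
    """Return {directive: [values...]}, skipping comments and blank lines."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        m = _DIRECTIVE.match(line)
        if m:
            cfg.setdefault(m.group(1), []).append(m.group(2))
    return cfg


def listener_is_exposed(listen_value):
    """True unless the bind address is loopback.  ':8118' (no address)
    binds all interfaces; '[::1]:8118' is the IPv6 loopback form."""
    host, _, _port = listen_value.rpartition(":")
    host = host.strip("[]")
    if host == "":
        return True
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() != "localhost"


def _networks(values):
    """Source column of ACL lines as networks; the optional destination
    column of Privoxy ACL lines is ignored in this simplified example."""
    return [ipaddress.ip_network(v.split()[0], strict=False) for v in values]


def client_allowed(cfg, client_ip):
    """Simplified ACL decision: no permit-access lines means every client
    is accepted; otherwise the client must match a permit-access entry
    and no deny-access entry."""
    ip = ipaddress.ip_address(client_ip)
    permits = _networks(cfg.get("permit-access", []))
    denies = _networks(cfg.get("deny-access", []))
    if not permits:
        return True
    if any(ip in n for n in denies):
        return False
    return any(ip in n for n in permits)


def audit(text):
    """Return a list of finding strings; empty means nothing flagged."""
    cfg = parse_config(text)
    findings = []
    # Assumed default when listen-address is absent: 127.0.0.1:8118.
    listens = cfg.get("listen-address", ["127.0.0.1:8118"])
    exposed = [v for v in listens if listener_is_exposed(v)]
    if exposed and "permit-access" not in cfg:
        findings.append("open-proxy: %s reachable from the network with no "
                        "permit-access lines" % ", ".join(exposed))
    if exposed and "1" in cfg.get("enable-remote-toggle", []):
        findings.append("remote-toggle: any client can switch filtering off")
    if exposed and "1" in cfg.get("enable-edit-actions", []):
        findings.append("edit-actions: any client can edit the actions files")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit(text) or "no findings")
        cfg = parse_config(text)
        for ip in ("192.168.1.5", "192.168.1.200", "203.0.113.9"):
            print("  client", ip, "allowed" if client_allowed(cfg, ip) else "denied")
```

On the weak config every address, including 203.0.113.9 from outside the campus, is accepted, which is exactly the situation the first post describes; on the fixed config only the LAN range minus the one excluded host gets through, and the remote toggle and web-based actions editor are off so a client on the permitted range cannot reconfigure the proxy either.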

  3. #3 (Linux Guru smolloy; Join Date: Apr 2005; Location: CA, but from N.Ireland; Posts: 2,414)
    I realise this is a very old thread, but just in case anyone is still reading it, perhaps the Privoxy user was also running a Tor server, and had left the default configuration; in other words, they were an exit node. In this case, they'd generate a huge amount of traffic, and a substantial amount of it would be "dodgy".