[unisog] I need help.

Steve VanDevender stevev at darkwing.uoregon.edu
Thu Jul 18 18:42:52 GMT 2002


Sylvain Robitaille writes:
 > On Wed, 17 Jul 2002, Mary M. Chaddock wrote:
 > > I'm not sure how big something has to get before it is "really big",
 > > but I have been able to identify one of the major methods of porn-spam
 > > distribution is via CacheFlow Server proxies (which are enabled
 > > by default).
 > 
 > Not to make your findings seem less significant than they are, (but
 > rather simply to add an additional data point), I went through the spam
 > I've received in the past couple of months.
 > 
 > Since May 1, 2002, of 3634 spam messages I received, only 6 appear to
 > have been from CacheFlowServers, and none of them were porn spam (they
 > were all financial spam).  That's less than 0.2% of what I think is a
 > pretty significant amount of spam (for one person to receive)...

CacheFlow servers may not be the biggest problem, but they are still a
significant problem.  Here's the number of connections coming from
identified CacheFlow systems (the ones that ident as "CacheFlowServer@")
per day for the past week received on a system with about 20,000
accounts:

/var/log/syslog:28
/var/log/syslog.0.gz:58
/var/log/syslog.1.gz:65
/var/log/syslog.2.gz:69
/var/log/syslog.3.gz:98
/var/log/syslog.4.gz:184
/var/log/syslog.5.gz:84
/var/log/syslog.6.gz:32

There are plenty of vulnerable squid proxies left out there too.



More information about the unisog mailing list