[unisog] massive uptick in targeted spam this weekend and week

H. Morrow Long morrow.long at yale.edu
Tue Oct 15 20:58:33 GMT 2002


Steve VanDevender wrote:
> This does underline just how bad the open HTTP proxy problem is right
> now, and that it's likely to get worse.  Open proxies are also much more
> than a spam problem, as they generally allow effectively anonymous
> connections to any TCP service.

Yes. I wrote a shell script to find all of the 'relays' which were pumping
the "spam" to us.  It was quite a long list and the spam was quite evenly
distributed among the many hosts.  Only a few of the relays had been used
repeatedly.

=> Almost all also were found to have an open HTTP proxy (usually squid)
=> running at TCP port 8080.

I found a local host on the list which was not running an HTTP proxy at 8080.

It turned out that the Apache web server running at TCP port 80 (std WWW port)
would also function as an open HTTP proxy at that port as well (this is apparently
a not uncommon 'feature' which can be turned on in Apache web servers...).

H. Morrow Long



More information about the unisog mailing list