Hi Tom,
People should correct me if I am wrong, however a proxy server such as
squid doesn't know the difference between a legitimate web request, and
a malicious one.  Both can, and in most cases are required to be
compliant with various networking RFCs.  A malformed GET request, for
instance, done with just the right payload (no need to tweak it to work
with squid), and aimed at a sufficiently vulnerable Windows box/service
is all it takes.  A reverse-shell spawning payload would give the attacker
unlimited access to your machine at that point.  Since all a proxy server does
is forward web transactions, that service is nearly as vulnerable as if
the box was sitting naked on the Internet.  So without knowing more
details, this comes down to a question of how well patched is your web
service?

Hope that helps,
Mark

> -----Original Message-----
> From: Tom Le [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, September 04, 2004 9:49 PM
> To: [EMAIL PROTECTED]
> Subject: [squid-users] Web site got hack through squid
> 
> 
> Hi,
> 
> I have a website that sits behind squid 2.5 and it got hacked
> into today.
> Someone from this IP address,
> 200.148.134.206, has put a few files into my website through
> squid.  The
> content of the index.html is
> 
> "Simiens Crew 2004 Ownz U"
> 
> Here is the log from squid
> 
> 1094326387.752 899375 200.148.134.206 TCP_MISS/000 0 PUT 
> http://<hostname>/index.html - DIRECT/<my website ip adress> -
> 
> 
> Can any of you give me some insight into this problem, and
> how to tighten
> my squid server down?
> 
> Thanks
> 
> 
> 
> -- 
> ----------------------------
> Tom Le
> Phone : (604) 612-6617
> Email : [EMAIL PROTECTED]
> ----------------------------
> 
> 
> 
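
A log check built around the PUT entry quoted above, as an added example that is not part of the original thread: it scans Squid native-format access.log lines and reports requests whose method falls outside an allowlist. The allowlist, the function names and the sample lines (documentation addresses and hostname) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Squid native access.log layout (leading fields):
# time elapsed client code/status bytes method URL ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s"
)

# Assumption: the published site only needs these methods.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

# Constructed sample lines, modelled on the entry in the quoted message.
SAMPLE_LOG = """\
1094326301.120     84 192.0.2.10 TCP_HIT/200 5120 GET http://www.example.com/index.html - NONE/- text/html
1094326387.752 899375 203.0.113.7 TCP_MISS/000 0 PUT http://www.example.com/index.html - DIRECT/198.51.100.5 -
1094326402.003    310 203.0.113.7 TCP_MISS/201 0 PUT http://www.example.com/x.html - DIRECT/198.51.100.5 -
1094326410.440     52 192.0.2.10 TCP_MISS/200 812 POST http://www.example.com/form.cgi - DIRECT/198.51.100.5 text/html
this line is not in access.log format
"""

def parse_line(line):
    """Return the leading access.log fields as a dict, or None if unparsable."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def find_unexpected_methods(lines, allowed=ALLOWED_METHODS):
    """Return parsed records whose HTTP method is not in the allowlist."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["method"].upper() not in allowed:
            hits.append(rec)
    return hits

def summarize_by_client(hits):
    """Group hits as {client: [(method, url, status), ...]} in log order."""
    out = defaultdict(list)
    for rec in hits:
        # Status 000 means no HTTP reply status was logged for the request,
        # so it does not by itself show whether the origin accepted the write.
        out[rec["client"]].append((rec["method"], rec["url"], rec["status"]))
    return dict(out)

if __name__ == "__main__":
    for client, reqs in summarize_by_client(
            find_unexpected_methods(SAMPLE_LOG.splitlines())).items():
        print(client, reqs)
```
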
