New user of squid. Used it many years ago but things have changed. I set up a 
proxy recently then forgot about it as I had other jobs to take care of. Seems 
I left it running but only had a couple of sites with IPs to the cache for 
testing.

Yesterday, I wanted to get back to the cache and saw a great deal of traffic 
I/O on the cache but the weird part was that none of it was for or on my 
network. It looked like I've been used as some sort of payment gateway for a 
short while :).
Anyhow, I do have firewall security in place, there was no compromise of the 
server itself so how in the heck was this happening? I kept the logs but being 
new to squid, means nothing to me just yet.

Here is my very basic setup file, maybe it's something silly I did, like the 
last line that says let anyone in. I would appreciate input on this, thanks 
very much.

Mike


cache_mgr [EMAIL PROTECTED]
visible_hostname ca35.xxxxx
cache_dir ufs /var/spool/squid 1000000 16 256
cache_mem 768 MB
maximum_object_size_in_memory 64 KB
hosts_file /etc/hosts

http_port 80 transparent
http_port 443 transparent

acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80 443
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl accel_hosts dst 192.168.1.40
http_access     allow accel_hosts
http_access     allow manager localhost
http_access     deny manager
http_access     allow all
deny_info http://www.xxxxxx.com/ all

logformat       combined %{Host}>h %>a %ui %un [%tl] "%rm %ru  HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logformat       vcombined %{Host}>h %>a %ui %un [%tl] "%rm %ru  HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h"
access_log      /var/spool/squid/log/access.log combined
access_log      /var/spool/squid/log/vaccess.log vcombined
cache_store_log /var/spool/squid/log/store.log
cache_log       /var/spool/squid/log/cache.log

icp_access                      allow all
cache_effective_group           squid
coredump_dir                    /var/spool/squid
forwarded_for                   on
emulate_httpd_log               on
redirect_rewrites_host_header   off
buffered_logs                   on
cache_effective_user            squid
cachemgr_passwd xxxxxxxxxxxxxxxxxx all
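
An added example, not part of the original post and not Squid's own tooling: one way to read the kept access.log in the "combined" logformat defined above and total up requests that were neither from the local network nor to a site this server fronts. The 192.168.1.0/24 network (inferred from the 192.168.1.40 address in the config), the site name www.mysite.example and the sample log lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Matches the post's "combined" logformat:
# %{Host}>h %>a %ui %un [%tl] "%rm %ru  HTTP/%rv" %Hs %<st "Referer" "User-Agent" %Ss:%Sh
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<url>\S+)\s+HTTP/[\d.]+" \d+ (?P<size>\d+|-) '
    r'"[^"]*" "[^"]*" \w+:\S+$')

def destination(url, host_header):
    """Host the request was sent on to: taken from the URL, else the Host header."""
    if "://" in url:
        return (urlsplit(url).hostname or host_header).lower()
    if url.startswith("/"):                 # origin-form request line
        return host_header.lower()
    return url.rsplit(":", 1)[0].lower()    # CONNECT host:port

def relayed_for_strangers(lines, local_nets, own_hosts):
    """Per-client totals for requests neither from local_nets nor to own_hosts."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    report = defaultdict(lambda: {"requests": 0, "bytes": 0, "dests": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                        # not in this logformat
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            continue
        dest = destination(m["url"], m["host"])
        if any(client in n for n in nets) or dest in own_hosts:
            continue
        entry = report[str(client)]
        entry["requests"] += 1
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        entry["dests"].add(dest)
    return dict(report)

# Constructed sample lines (documentation addresses, not the poster's logs).
SAMPLE = [
    'www.example.org 192.168.1.15 - - [10/Mar/2008:09:00:01 -0400] "GET http://www.example.org/  HTTP/1.1" 200 1500 "-" "Mozilla/5.0" TCP_MISS:DIRECT',
    'pay.example.net 203.0.113.7 - - [10/Mar/2008:09:00:05 -0400] "POST http://pay.example.net/charge  HTTP/1.1" 200 512 "-" "-" TCP_MISS:DIRECT',
    'www.mysite.example 198.51.100.9 - - [10/Mar/2008:09:00:07 -0400] "GET /index.html  HTTP/1.0" 200 2048 "-" "Mozilla/4.0" TCP_HIT:NONE',
    'shop.example.com:443 203.0.113.7 - - [10/Mar/2008:09:00:09 -0400] "CONNECT shop.example.com:443  HTTP/1.1" 200 3000 "-" "-" TCP_MISS:DIRECT',
]
if __name__ == "__main__":
    print(relayed_for_strangers(SAMPLE, ["192.168.1.0/24"], {"www.mysite.example"}))
```

Clients that appear in the result with many requests to hosts unrelated to the server are the ones the final "http_access allow all" line let through.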
