From: Genco YILMAZ (gyilmaz@genco.gen.tr)
Date: Sat 12 Jul 2003 - 09:33:38 EEST
hocam bu isi gercekten spam icin yapanlar bir de proxy lerini acik
birakanlar var.
bu sayi azimsanacak miktarda degil gibi gorunuyor.En azindan mumkun
mertebede
kisitlamak sadece bu.IP araligini degistirsin istedigi kadar siz
birilerinide uyarmis oluyorsunuz.
kolay gelsin
Sancar Saran wrote:
>On Friday 11 July 2003 22:46, you wrote:
>
>
>>selamlar,
>>
>>smtpblock adinda bir proje varmis.
>>http://www.angmar.com/smtpblock/project.html
>>maillog u inceleyip relay e acik posta sunuculari ayni zamanda
>>prxytest adinda bir script le (http://www.unicom.com/sw/pxytest/)
>>open-proxy leri test edip yasakliyor.Daha dogrusu benim okuduklarimdan
>>anladigim bu.
>>Bir deneyip gormek lazim.
>> yahoo da boyle bi sistem kullaniyor. open-proxy niz varsa kisa bir
>>sure icinde yahoo tesbit edip blokluyor sizi.
>>karsilasabilecekler icin
>>(http://help.yahoo.com/help/us/mail/defer/defer-02.html)
>>
>>saygilar sevgiler
>>
>>Halil Helvacioglu wrote:
>>
>>
>>>Bu olay sahsen benim basima geldi.. Spammerlar sonucta kendi mail server
>>>larini kullaniyolar spam gondermek icin, ama SPAM ler sizin IP
>>>adresinizden gidiyormus gibi gozukuyor. AOL den ve bir kac ISP den
>>>telefon geldi SPAM gonderiyorsunuz falan diye, sendmail loglarina baktim
>>>hicbirseye
>>>rastlamadim, sonra squid loglarinla gordum http://xxxxx:25 diye binlerce
>>>log vardi.
>>>
>>>
>>>Bu sitede bu konu ile ilgili bilgi bulabilirsiniz..
>>>
>>>
>>>
>
>Zor block ederler zooor, adamlar duzinelerce c block var, rotate ettirip
>gonderiyorlar, iki ay icinde de c bloklari degistiriyorlar, Ripe tan
>bakiyorsun blogun sahibi belli degil.
>
>
>>>http://news.spamcop.net/cgi-bin/fom?_recurse=1&file=75#file_183
>>>
>>> HTTP Proxies (Cisco and Squid)
>>> Spammers have been hijacking HTTP proxy servers to send their spam
>>>out, usually pointing the finger at the server IP, hiding their IP address
>>>
>>>
>>>from being reported.
>>
>>
>>> Cisco cache engines
>>>
>>> Turn off http proxy service with the "no http proxy incoming"
>>>command in global config mode. This will prevent all users from
>>>arbitrarily using the cache engine as their HTTP proxy server.
>>>
>>> Squid proxies
>>> More and more often, spammers are transferring spam via Squid
>>>proxies. This allows them to hide their tracks entirely, so only the host
>>>of the proxy will be reveald in the spam headers.
>>>
>>> The fix:
>>> squid.conf should read:
>>> http_access deny !Safe_ports
>>> http_access deny CONNECT !SSL_ports
>>> http_access deny all
>>>
>>>
>>>
>>>
>>>
>>>Halil Helvacioglu
>>>
>>>----- Original Message -----
>>>
>>>
>>From: "Sancar Saran" <saran@sim.com.tr>
>>
>>
>>
>>>To: <linux-guvenlik@liste.linux.org.tr>
>>>Sent: Friday, July 11, 2003 9:18 AM
>>>Subject: [linux-guvenlik] Re: Proxy ve SPAM
>>>
>>>
>>>
>>>>On Friday 11 July 2003 18:55, you wrote:
>>>>
>>>>
>>>>>Selamlar...
>>>>>
>>>>>Benim soyledigim, relay mekanizmasi degil. Proxy server (squid)
>>>>>
>>>>>
>>>uzerinden
>>>
>>>
>>>
>>>>>baglanarak yapilan spam..
>>>>>
>>>>>Saygi ve sevgiler..
>>>>>
>>>>>
>>>>???
>>>>
>>>>Nasil olacak simdi o?
>>>>
>>>>Sancar
>>>>
>>>>
>
>
>