[Scottish] Checked your proxy lately?

Colin McKinnon colin.mckinnon at ntlworld.com
Fri Jan 7 23:04:38 UTC 2011


Hi all,

While I'm sure you've all got your systems set up securely, I've noticed that 
recently there is more noise in my logs from HTTP proxy requests than I get 
for ssh attacks. AFAIK, I'm not running an open proxy. 

The origin of these requests is primarily China. Do I need to spell out the 
risks here?

It may be worth having a wee check of your logs/configs?

92.240.68.153 - - [07/Jan/2011:12:58:09 +0000] "GET http://japanese.engadget.com/media/2007/10/apple_sony_cybershot_t2.jpg HTTP/1.1" 404 325 "http://www.altavista.com/image/randomlink" "webcollage/1.135a" - 1155 kermit.southwold.net "text/html"

58.218.204.110 - - [07/Jan/2011:16:16:02 +0000] "GET http://www.foodnese.com/indux.php HTTP/1.1" 404 288 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" - 763 kermit.southwold.net "text/html"

58.218.199.147 - - [07/Jan/2011:20:00:23 +0000] "GET http://173.201.161.57/ HTTP/1.1" 200 26 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" - 14391 kermit.southwold.net "text/html"

58.218.199.147 - - [07/Jan/2011:22:25:08 +0000] "GET http://98.126.15.13/proxyheader.php HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" - 1120 kermit.southwold.net "text/html"
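
An added example, not part of the original post: one way to do the log check suggested above is to pull out every request whose target is an absolute URI for a foreign host (or a CONNECT) and separate the ones the server refused from the ones it answered. The hostnames in `LOCAL_HOSTS` and the sample lines are constructed assumptions; only the leading combined-log fields are parsed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hostnames this server legitimately answers for. Edit for your site.
LOCAL_HOSTS = {"www.example.org", "example.org"}

# Leading fields of a combined-format line: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)

def classify(line, local_hosts=LOCAL_HOSTS):
    """Return (client, target_host, verdict) for a proxy-style request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0].lower()            # authority-form host:port
    elif target.lower().startswith(("http://", "https://")):
        host = (urlsplit(target).hostname or "").lower()   # absolute-form URI
    else:
        return None                                        # ordinary origin-form path
    if host in local_hosts:
        return None                  # an absolute URI naming this server is legal
    # A 2xx/3xx status means something was served and needs a manual look.
    return m["client"], host, "ANSWERED" if status < 400 else "refused"

def scan(lines):
    """Classify every line and keep only the proxy-style requests."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines using documentation addresses, not from a real log.
SAMPLE = [
    '192.0.2.10 - - [07/Jan/2011:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [07/Jan/2011:12:58:09 +0000] "GET http://other.example.net/a.jpg HTTP/1.1" 404 325 "-" "probe/1.0"',
    '192.0.2.44 - - [07/Jan/2011:20:00:23 +0000] "GET http://198.51.100.7/ HTTP/1.1" 200 26 "-" "probe/1.0"',
    '192.0.2.45 - - [07/Jan/2011:21:10:40 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 405 300 "-" "-"',
    '192.0.2.11 - - [07/Jan/2011:22:00:00 +0000] "GET http://www.example.org/about HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, host, verdict in scan(SAMPLE):
        print(f"{verdict:8} {client:15} -> {host}")
```

An ANSWERED entry is not proof of relaying: a web server with proxying disabled can answer such a request from its own default site, so compare the logged response size with what the server itself returns for that path.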


