Software602 Home . products . download . support . register . how to buy . . view cart . . . contact us . . . .
Software602 Home . . . . . .
. .
.
.
Software602 Login
E-mail:
Password:
forgot?
.
Support Home .
.
User Forum .
.
Knowledge Base .
.
Submit Ticket .
.
View My Tickets .
.
Remote Support .
.
Purchase Support .
.
. .
.
Groupware Server 6.0 User Forumforum home | rss | search | terms of use
BackBack to Groupware Server 6.0 Forum
Add New TopicAdd New Topic
Post ReplyPost Reply
Proxy Attack Groupware 5
  Posted by  Trevor Bowden  on Wednesday, January 30, 2008 at 8:56:47 PM (EST)
I loaded Groupware with the idea of filtering the content my staff we accessing on the internet
When I turned on the proxy server even with the firewall set to max I was hit with 1000+ proxy requests per hour from outside my fire wall.
My Groupware has since crashed and I have reinstalled LS2004. I am still getting hit from outside the firewall
but I havnt turned on the proxy
Any Ideas
Samples below of proxy requests

3032 Request: http://aff.primaryads.com/t.asp?id=7422&e=11523
2988 Request: http://www.houndshow.cn/
2768 Request: http://www.cpa-cpc-cpm.com/banner/1025/7031&dp=0
3016 Request: http://www.clickingagent.com/proxycheck.php?ip=150.101.21.154&port=80&loc=
2944 Request: http://v10.xmlsearch.miva.com/bin/findwhat.dll?getresults&base=0&dc=10&mt=cheap+health+insurance&ip_addr=150.101.21.154&aff_id=64057&fl=0&fmt=xml8859-2&at=F789D9NR7
1:37:20 AM PROXY: 2672 Request: http://login.parkingempire.com/z/1331/CD42/
1:37:40 AM PROXY: 2668 Request: http://www.clickingagent.com/proxycheck.php?ip=150.101.21.154&port=80&loc=
9:00:49 AM PROXY: 2956 Request: http://www.cpa-cpm-cpc.com/banner/412/20516&dp=0
Connections established:

[2] incoming call from auh-as34275.alshamil.net.ae, service smtp, connected from 9:30:51 AM 31/01/2008,
for 6 min., 25 sec., sent 142 B, received 80 B (0 B/s)
  Posted by Peter Crown  on Friday, February 01, 2008 at 2:13:39 PM (EST)
--------------------------------------------------------------------------------
Firewall and proxy in 2004 and 5.0 are nearly identical. 5.0 allows antivirus scanning on proxy, 2004 did not. It seems, that for some reason you acted as open proxy and got abused by DOS attack. This is due misconfiguration of your proxy server settings.

It is true that LAN SUITE includes firewall, but it's protection is limited. If you get DOS attack, then pretty much any software firewall will have a problems to handle it. Best recommendation is stop such attack by hardware firewall installed between your network and Internet. This will also give you more CPU power for proxy and messaging.
BackBack to Groupware Server 6.0 Forum
Add New TopicAdd New Topic
Post ReplyPost Reply
.
. . .
. products | download | support | buy | contact | privacy | partners | company | news | site map | feeds | Software602 News (RSS 2.0) .
.
  © 2008 Software602, Inc. All rights reserved.