urgent - breaking AUP and don't know how to identify the problem

Discussion in 'Site & Server Administration' started by richard3i, Mar 24, 2007.

  1. #1
    Hi DP's,
    I just got an AUP warning for one of my boxes with a description below. I'm noobed and don't know where / how to identify the below issue. I'm running a proxy network of 5 sites, 3 do NOT encrypt the web address, if this is of any help. Below is the paste of the email.


    NOTES: Identify the source of this traffic and remove it from the server.

    /var/log/httpd/blogs.oldradio.net-access_log:72.36.223.34.reversedns.resolve.ru- - [22/Mar/2007:09:10:29 -0500] "POST /archives/2007/02/19/whatever-it-takes-the-politics-of-the-man-behind-24/trackback/ HTTP/1.0" 200 72 "-" "libghttp/1.0"
    /var/log/httpd/blogs.oldradio.net-access_log:72.36.223.34.reversedns.resolve.ru- - [23/Mar/2007:06:04:38 -0500] "POST /archives/2007/02/24/my-thoughts-about-hal-stone/trackback/ HTTP/1.0" 200 78 "-" "libghttp/1.0"
    /var/log/httpd/blogs.oldradio.net-ip_log:72.36.223.34.reversedns.resolve.ru - -[21/Mar/2007:10:21:13 -0500] "POST /archives/2005/12/16/west-wing-actor-john-spencer-dies-at-58/trackback/ HTTP/1.0" 200 78 "-" "libghttp/1.0" 72.36.223.34



    The policy being broken:

    [x] Spam Web L Unsolicited, Bulk, or Forged Site Advertisement in Web Logs, Forums, or Guestbooks.


    Thanks!
     
    richard3i, Mar 24, 2007
  2. tanfwc

    #2
    oldradio.net seems to be creating the trouble. You might want to consider installing mod_security to protect your Apache. That's because anyone can use your proxy to attack online forms.
     
    tanfwc, Mar 25, 2007
  3. richard3i

    #3
    I did that and the data center replied that:

    "Unless your client can provide a method to eliminate spam web via HTTP POST (OR limit the proxy use to legitimate users via authentication or by incoming IP address) the proxies will have to be removed from the servers."
     
    richard3i, Mar 26, 2007
  4. stugs

    #4
    Time to find a new host. If you're running an open web proxy there is no way to prevent this from happening as you never know what forum they might attack.

    If I receive complaints from a forum owner I typically ask for their IPs and block them in my proxy. This way the forum owner is happy and your provider is happy.
     
    stugs, Mar 26, 2007
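
An added example, not part of any post in this thread: this Python code parses the three log lines from the notice in post #1 into UTC timestamps, client address and destination, which are the values to search for in the proxy's own logs, and then applies a pre-forward check that refuses blocked destinations (the approach in post #4) and any POST to a trackback URL. The function names, the `<vhost>-<kind>_log` file naming and blocking by hostname instead of IP are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# The three log lines quoted in the abuse notice in post #1, copied verbatim.
NOTICE = '''\
/var/log/httpd/blogs.oldradio.net-access_log:72.36.223.34.reversedns.resolve.ru- - [22/Mar/2007:09:10:29 -0500] "POST /archives/2007/02/19/whatever-it-takes-the-politics-of-the-man-behind-24/trackback/ HTTP/1.0" 200 72 "-" "libghttp/1.0"
/var/log/httpd/blogs.oldradio.net-access_log:72.36.223.34.reversedns.resolve.ru- - [23/Mar/2007:06:04:38 -0500] "POST /archives/2007/02/24/my-thoughts-about-hal-stone/trackback/ HTTP/1.0" 200 78 "-" "libghttp/1.0"
/var/log/httpd/blogs.oldradio.net-ip_log:72.36.223.34.reversedns.resolve.ru - -[21/Mar/2007:10:21:13 -0500] "POST /archives/2005/12/16/west-wing-actor-john-spencer-dies-at-58/trackback/ HTTP/1.0" 200 78 "-" "libghttp/1.0" 72.36.223.34
'''

# grep-style "logfile:" prefix, then an Apache access-log entry. Spacing around
# the ident/user dashes differs between the quoted lines, so skip it loosely.
LINE = re.compile(
    r'^(?P<logfile>[^:]+):(?P<client>\S+)[^\[]*\[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"')

def parse_notice(text):
    """Return one dict per complaint line, sorted by request time in UTC."""
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ip = re.match(r"\d+(?:\.\d+){3}", m["client"])
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits.append({
            # Assumption: the reporting server names its logs "<vhost>-<kind>_log".
            "host": m["logfile"].rsplit("/", 1)[-1].rsplit("-", 1)[0],
            "source_ip": ip.group() if ip else m["client"].rstrip("-"),
            "utc": when.astimezone(timezone.utc),
            "method": m["method"], "path": m["path"], "ua": m["ua"],
        })
    return sorted(hits, key=lambda h: h["utc"])

def proxy_should_refuse(method, host, path, blocked_hosts):
    """Hypothetical pre-forward check for the proxy script: refuse blocked
    destinations outright and refuse any POST to a trackback endpoint."""
    if host.lower() in blocked_hosts:
        return True
    target = path.split("?", 1)[0].rstrip("/")
    return method.upper() == "POST" and target.endswith("/trackback")

if __name__ == "__main__":
    hits = parse_notice(NOTICE)
    for h in hits:  # times and destinations to search for in the proxy's own logs
        print(h["utc"].isoformat(), h["source_ip"], h["method"], h["host"] + h["path"], h["ua"])
    blocked = {h["host"] for h in hits}
    print(proxy_should_refuse("POST", "blogs.oldradio.net", "/x/trackback/", blocked))
```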