[By Nic Lindh on Tuesday, 25 January 2005]

Final (hopefully) post-mortem on the attack

Looks like the attack is finally petering off and life is returning to normal here in the Shire.

Turns out that it wasn’t a referrer spam attack, per se, but rather that some complete idiot (i.e., me) had somehow clicked the shiny little button that turns Apache into a proxy server. This is bad, very bad, sticking a fork in a toaster bad, as the Internet is constantly being crawled for open proxies, which are then used for various sundry things like hacking porn sites and sending out instant messaging spam. This article nails it right on the head, including a lot of the things we were seeing in the logs.

Needless to say, am feeling quite non-1337 at the moment. Not liking the feeling much. But life is a journey, blah blah, etc. So lesson learned: No open proxies for you.

Going to go ahead and run Nessus to make sure I didn’t overlook anything else stupid-obvious.
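The open-proxy abuse described in the post shows up in an Apache access log as requests whose target is an absolute URL for someone else's host, or as `CONNECT` requests. The following is an added example, not part of the original post: it scans common/combined-format log lines for those two patterns and counts them per client. The hostnames in `OWN_HOSTS`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hostnames this server legitimately answers for (assumption; use your own).
OWN_HOSTS = {"www.example.org", "example.org"}

# Common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def proxy_attempt(line):
    """Return (ip, target_host, answered_2xx) for a forward-proxy request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    if m["method"] == "CONNECT":
        host = m["target"].rsplit(":", 1)[0].lower()   # CONNECT host:port
    elif re.match(r"^[a-z][a-z0-9+.-]*://", m["target"], re.I):
        host = (urlsplit(m["target"]).hostname or "").lower()
    else:
        return None  # origin-form target ("/path"): ordinary web traffic
    if host in OWN_HOSTS:
        return None  # an absolute URI naming this site is legal HTTP/1.1
    # A 2xx is only a lead: a non-proxying server may answer with its own page.
    return m["ip"], host, 200 <= int(m["status"]) < 300

def summarize(lines):
    """Count proxy-style requests per client, split into answered (2xx) and refused."""
    answered, refused = Counter(), Counter()
    for line in lines:
        hit = proxy_attempt(line)
        if hit:
            ip, _host, ok = hit
            (answered if ok else refused)[ip] += 1
    return answered, refused

# Constructed sample log lines (documentation IP ranges, example hostnames).
SAMPLE = [
    '203.0.113.7 - - [24/Jan/2005:03:12:01 -0700] "GET http://shop.example.net/login HTTP/1.0" 200 5120',
    '203.0.113.7 - - [24/Jan/2005:03:12:02 -0700] "CONNECT mail.example.com:25 HTTP/1.0" 200 -',
    '198.51.100.9 - - [24/Jan/2005:03:12:05 -0700] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.9 - - [24/Jan/2005:03:12:06 -0700] "GET http://www.example.org/about HTTP/1.1" 200 900',
    '192.0.2.44 - - [25/Jan/2005:09:30:00 -0700] "POST http://shop.example.net/login HTTP/1.0" 403 210',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Clients in the answered count are the ones to check first, by comparing response sizes against the local site's own pages. In Apache httpd, forward proxying is controlled by mod_proxy's `ProxyRequests` directive, and `ProxyRequests Off` disables it.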

