[techtalk] HELP! Webserver compromised?!?

James Sutherland jas88 at cam.ac.uk
Thu May 3 14:08:13 EST 2001


On Thu, 3 May 2001, Michelle Murrain wrote:
> On Thursday 03 May 2001 03:08 am, jenn at simegen.com wrote:
>
> > You have the proxying module enabled. So yes, there is a proxying
> > function in apache that you're unaware of. It's not compromised
> > (well, not NECESSARILY compromised!), it's just that you left
> > an exploitable function on. They're using your bandwidth to fetch
> > pages for them.
>
> OK, I'm going to risk sounding really ignorant here, especially as someone
> who has been running web servers for several years.
>
> I know about mod_proxy, and the general idea of proxy servers, etc. But how
> does it make any sense in terms of saving bandwidth, for me, for example, to
> relay through a different server, to fetch web pages? The web pages and
> associated files are the same size, whether I get them through another server
> or on my own, and so I'm using the same bandwidth to retrieve the files.
> Further, it would inevitably be slower to get those pages, since I'm going
> through another server.
>
> What am I missing?

Caching. If the server is at your ISP, it doesn't use any extra bandwidth:
the traffic is going "past" the server anyway - but the SECOND person to
fetch that page can then get the cached copy, which is faster than going
direct.

Look at the Squid pages; they link to some useful material about caching,
IIRC. http://squid.nlanr.net/ or http://www.squid-cache.org/.

> I do see, for privacy issues, using someone else's servers to fetch pages -
> there would be ways I guess to hide the actual URLs of the pages fetched. But
> otherwise, I don't get it.

That's another reason; there are a few anonymous proxies for that reason
online, but it takes a LOT of bandwidth to run a proxy for other people
(which is why Brian didn't want to be doing it!)


James.
-- 
Old programmers never die.  They just branch to a new address.
	-- BSD fortune file
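
Added example, not part of the original message or thread: one way to check an Apache access log for the forward-proxy use described above, where the request line carries an absolute URL or a CONNECT target for someone else's host. The log lines, the host name www.example.org and the function names are constructed for illustration, and Common Log Format is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def proxied_host(method, target, own_hosts):
    """Return the foreign host a request asked the server to reach, else None."""
    if method == "CONNECT":                  # CONNECT host:port
        host = target.rsplit(":", 1)[0].lower()
    elif "://" in target:                    # absolute-URI form, as sent by proxy clients
        host = (urlsplit(target).hostname or "").lower()
    else:                                    # origin-form ("/path"): ordinary request
        return None
    return None if not host or host in own_hosts else host

def summarize_proxy_use(lines, own_hosts):
    """Per client: count, bytes and target hosts of proxy-style requests answered 2xx."""
    own = {h.lower() for h in own_hosts}
    out = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": set()})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                         # not a CLF line; skip it
        host = proxied_host(m["method"], m["target"], own)
        if host is None or not m["status"].startswith("2"):
            continue                         # refused or ordinary requests are not tallied
        rec = out[m["client"]]
        rec["requests"] += 1
        rec["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        rec["hosts"].add(host)
    return dict(out)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [03/May/2001:03:01:12 -0500] "GET http://www.example.net/a.html HTTP/1.0" 200 5120',
    '192.0.2.10 - - [03/May/2001:03:01:15 -0500] "GET http://www.example.com/b.gif HTTP/1.0" 200 2048',
    '192.0.2.10 - - [03/May/2001:03:01:19 -0500] "CONNECT secure.example.net:443 HTTP/1.0" 200 -',
    '198.51.100.7 - - [03/May/2001:03:02:00 -0500] "GET /index.html HTTP/1.0" 200 1024',
    '198.51.100.7 - - [03/May/2001:03:02:04 -0500] "GET http://www.example.org/index.html HTTP/1.0" 200 1024',
    '203.0.113.5 - - [03/May/2001:03:03:30 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 403 -',
]

if __name__ == "__main__":
    for client, rec in summarize_proxy_use(SAMPLE, {"www.example.org"}).items():
        print(client, rec["requests"], rec["bytes"], sorted(rec["hosts"]))
```

A 2xx on such a line is a lead rather than proof: a server that is not proxying can answer an absolute-URL request with its own local page, so compare the logged sizes against your own content before concluding that pages were relayed.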




