Loading 高了

January 31st, 2007

從星期日起, almerick.com server Loading 變高了,我便看看發生什麼事, 我一向有用monitoring 工具, 發覺以下情況, 即是與平日相比較十分不同,也沒有高過平日的平均值.

localhostlocaldomain-netstat-week.pnglocalhostlocaldomain-irqstats-week.pnglocalhostlocaldomain-entropy-week.pnglocalhostlocaldomain-cpu-week.png


我再看看dmesg 沒發現硬件異常,這樣我推斷了一係我的機器被crack 了, 或其他軟件問題。繼而用netstat 一看,發現squid佔了很多的CPU time,為了証實沒有被駭,我最後用了chkrootkit也沒有太大問題。 之後我便重點看squid 發生什麼事。

原來黃頁幫改了Squid 設定, 放了給全世界!

同黃頁論討後決定改以下設定:

http_port 127.0.0.1:3128

acl bunnytech src 202.181.240.178/255.255.255.255

http_access allow bunnytech

之後再用ssh tunnel, 即在client side 以 ssh -L 3128:localhost:3128 proxy.xxxx.com

其實最嚴重的事, 是spammer 用我的squid 放spam 郵件, 你們從exim 圖表可以看得出來:

localhostlocaldomain-exim_mailstats-week.pnglocalhostlocaldomain-exim_mailqueue-week.png

甚麼叫spam mail, 可以到企鵝佬郵件專家網頁看看.

This entry was posted on Wednesday, January 31st, 2007 at 8:29 am and is filed under IT. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Loading 高了”

  1. spacehunt Says:
    January 31st, 2007 at 7:00 pm

    點會咁㗎……邊個 set 㗎……

  2. almerick Says:
    January 31st, 2007 at 8:12 pm

    都話係黃頁幫囉!

  3. 杰少 Says:
    February 4th, 2007 at 8:31 pm

    你又唔講佢叫乜名,點查黃頁喎!!!!!

Leave a Reply