I was going to update sometime last week, but life intervened. Maybe some of you noticed this page was down for a while. Its quite a story. In March I was adjusting some apache settings, but got distracted. I missed a line in the config file. Unfortunately the file was still a valid config file. When I rebooted the machine in early July it came up as an open proxy.
Now my machine is a colocated at Hurricane Electric, and the link is pretty fast. A few weeks after I rebooted it someone noticed. As luck would have it it was while I was in the midst of changing groups at work and somewhat distracted. Some people used the the machine to anonymously grab porn. Not a big deal, except the machine actually managed to, for a short time, saturate my link, well past my base rate. Based on the billing estimates, it probably would have cost around $1500. Now these things happen, its like a car accident, or illness. I budget some money for these sorts of things, but it still pisses me off, since this is distinctly a form of theft, often by people who do not have any concept of what bandwidth costs. Hurricane's senior management decided to treat it as a hacking incident, and were very forgiving about it, though they were certainly under no obligation to do so. I can't recommend Hurricane Electric enough.
The irony is that open proxies hide your activities from your ISP, who has an incentive to protect its customers, and instead provide your access pattern to a complete stranger, whom you are costing money. So I would just like to say, to the people who had the following IPs in the last few weeks:
Damn thats a lot of sick twisted porn you guys are into. I have no idea if those IPs are static or dynamic, and quite frankly I just want to let this thing go, but it is sorely tempting to report this to various ISPs, and based on where some of those IPs are, I bet some of the sites or illegal in the viewer's countries. Either way, I feel it is necessary to shatter the facade of anonymity, and I am more than willing to give the logs about this to any authority that asks, regardless of jurisdiction, etc. Most ISPs would insist on subpoenas. Maybe someone should just start a site filled with http logs of machines that have been used as open proxies, and make them all world viewable. After a few court cases use it I bet use of anonymous proxies would drop considerably. Of course it would probably have to run quite a while before it would become useful, but still...
I'll post more about other stuff that has been happening later today, just wanted to get that out of the way.
Posted by louis at August 4, 2003 10:34 AM | TrackBackLouis,
Can you walk me through removal of adminitrator from my G4 laptop if you can spare the time? I am having trouble getting my password from Jefferson (which I find hard to believe). Could you email me the commands?
MaNY THANKS IF YOU CAN FIND THE TIMER. I AM STILL TRYING TO PRY THE PASSWORD OUT OF JEFFERSON.
Best.
Gerry
Posted by: gerry litwack at August 11, 2003 11:04 AMIf my luck was that good.
Posted by: EJ at August 7, 2003 12:30 AM