Fallout from GoDaddy’s recent DDoS experience
First, my heartfelt condolences to everyone who was impacted personally or financially by yesterday's DDoS attack against GoDaddy. That includes customers and employees, and as an admin, I know firsthand what it's like when the systems grind to a halt under one of these things, when all that's left is simply to put something else on the front line to check for traffic and wait it out (or request new address blocks all the way around). This, of course, does not take place in a vacuum: when these things hit, we are always surrounded by The Suits who have no clue as to why we can't do anything more (or faster), constantly complaining of our inadequacies (we should have known better; we should have predicted; we should have been better prepared; etc.).
Configuring Squid Proxy on OS/2: Path adjustments
Following onto my post concerning web privacy, I wanted to produce some pointers concerning Squid configuration for web blocking. To do that, of course, I needed a working Squid configuration. Mine was sorely in need of an update. I'd been running 2.6 stable 14(?) for a long time, then upgraded to 3.0 stable 13. I recall that took me some time to get working, but still I suffered repeated crashes under heavy load, so as a result, I did what any other normal user would do: I turned it off.
Well, that's no solution, now is it? It's especially no solution if the goal is to be able to tell other people how to use it!
Misconfigured Mail Servers
Why is it that when someone else has a broken mail server, it's always - always - the receiving server admin's fault that messages coming from that domain don't get through?
This morning, I reviewed a note sent by a client, forwarding a thread to me of someone who apparently didn't get an invoice for something. My client asked me to review the firewall logs to see if the message ever made it to his domain in the first place.
Sure enough, there was no RDNS pointer entered for the sending server, so the Astaro Security Gateway - rightfully - rejected the incoming message.
Luckily (for me), this client is erudite enough to know that this wasn't my fault. However, I've had some client who would point the finger squarely at me, including one who actually said (sarcastically), "I know; it's never your fault. It's always the other guy." Well, when the DNS is incorrect for someone else's domain, that's surely not my fault!
FYI, a good source to check for broken or missing RDNS records is http://remote.12dt.com/ .