Getting pounded from China on guest account

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
tjgolla
  • tjgolla
  • Posts: 2
  • Joined: Jan 28 08 9:30 am

Getting pounded from China on guest account

Jan 28 08 9:35 am

I'm a novice at this. I set up Wingate using defaults, and now I'm getting machines outside of my subnet logging into the guest account and chewing up all my licenses (I have the 6-user license).

How do I stop machines outside my subnet (192.168.0.1 - 255) from accessing the guest account?

The service that is being requested is the SOCKS service - whatever that is.

I've disabled the Guest account, but now no one can access the web via Wingate.
labull
  • labull
  • Posts: 710
  • Joined: Sep 06 03 1:03 am
  • Location: Washington, DC - USA

Jan 28 08 12:28 pm

Be sure the SOCKS Proxy Server is not bound to the external adapter. That is found in the Services tab of GateKeeper. If you are not using SOCKS set it to Disabled.
tjgolla
  • tjgolla
  • Posts: 2
  • Joined: Jan 28 08 9:30 am

Jan 28 08 6:27 pm

I finally reloaded WinGate, configured all the NICs, and it all seems to be working nicely.

I checked the bindings for SOCKS, and several other services, and none were bound to an "external" adapter. I'm not sure how that happened, but I'll be sure and check all that stuff in the future.

Thanks for the help!
aRiyano
  • aRiyano
  • Posts: 2
  • Joined: Apr 07 08 1:29 pm

Similar Problem

Apr 07 08 1:33 pm

Hi, Sorry if it might luk as i'm disturbing this thread.

But i think this is the best place to put this in. I have a similar problem, and i've checked, nothing is binded in the Socks tab. I even stopped the service on Socks.

To try what i also did was unplugged the proxy server and tried using my laptop as the proxy, and the same thing started. Can sum1 help me out ?

Thanks and Regards,
Aj.
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Apr 08 08 5:09 pm

Hi

How is the traffic described in the activity panel in GateKeeper?

that should tell you what service is being used.

Regards

Adrien
aRiyano
  • aRiyano
  • Posts: 2
  • Joined: Apr 07 08 1:29 pm

Managed to Fix

Apr 16 08 6:07 am

Hi,

I did manage to stop the flooding, but in a different way.

I enabled basic authentication on the proxy, so now anyone trying to access the proxy is required to have a user and pass. Else they just get kicked off.

Aj.
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Apr 16 08 10:01 am

It's pretty common for spammers to scan for port 80 open as well as for SOCKS ports. Then they can use the CONNECT command to send spam through the HTTP proxy.

So it's completely unsafe to have an unsecured HTTP proxy (one that doesn't require some sort of access control) on an external interface - it will be pounded by spammers quicker than you would believe.

Securing it can be a matter of

a) using bindings (normally WinGate won't bind to interfaces it deems are external).
b) requiring auth (as you did)
c) restricting ports that can be connected to on the HTTPs tab(which controls the CONNECT command).
d) locking down IPs that can use the proxy

Regards

Adrien
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index