Ammad

[Log in to get rid of this advertisement]

dear all,
after monitoring SARG (squid reports), i saw very strange output there are alot of user's computer that are going to download some gif or other file from p.yimg.com, x.yimg.com , l.yimg.com, while checking the overall size of donwloading, i got alot of systems were donwloading 80-400 MB daily(each system).
there are 40-60 systems on network. After monitoring each system physically, result was no one visiting to yahoo site but access log shows that system is visiting and donwloading content from yahoo site.

so i blocked this using acl of squid. but now user are complaining that are not ablt to sign-in to yahoo mail, messenger.

Is there any way to block spyware using squid. or best anit-spyware to control these issues.

thanks.

alonelion

I have the same problem on my network, but there is some computers downloading about 10 GB(!!!) daily from these addresses. iptraf shows 2,5-3Mbps traffic from these computers but users don't know nothing about that. Can be that any kind of malware using yahoo domain? Please excuse my bad english and thank you all in advance.

rossonieri#1

@ ammad :

it can be your squid doesnt perform well anymore.
yahoo! is advertising-based services. my experience is squid only keeps gifs from port 80 traffic - but not from 5050 as in messenger.
so the work around maybe only to limit messenger access.

@ alone :
it seems malware to me - do virus scanning.

but overall - myself also seems to find bugs in yahoo webmessenger - where i see it become very non-stop chatters when it comes active. cant configure what that was all about thou.

hth.

alonelion

Hi again,
I have blocked traffic to and from IP 87.248.125.47 and and i have no more "fake traffic" but now is not working the new yahoo mail (classic mail still working normally and messenger too). Is not a good solution but...i have not another one better...