Avatar of Rupert Eghardt
Rupert Eghardt
Flag for South Africa asked on

Uncontrolled Generated Internet Traffic

Hi Guys,

We are using a 3rd party internet proxy server at a site for workstations to have controlled internet access.

Over the December period there were extremely high internet usage and traffic through- put on the internet proxy server.

Upon investigation we found thousands of the following URL requests in the log files.
In an attempt to stop the persistant lookup we asked the users to use Firefox instead of IE (not sure if this will stop the occurance)

http://www.google.co.za/webhp HTTP/1.1

Does anyone perhaps know what this URL on Google refers to, and why it would popup thousands of times in the logs?
JavaScriptNetworkingSoftware Firewalls

Avatar of undefined
Last Comment
Rupert Eghardt

8/22/2022 - Mon
Dave Baldwin

Looks like it might be related to the Google Toolbar or another Google service.  http://answers.yahoo.com/question/index?qid=20080304152357AA4DT3U
Rupert Eghardt

ASKER
Thanks Dave,

I agree.  It is quite a tricky one, as we are unable to block all Google traffic in the proxy config.  

I wonder how one could prevent these site-visits from pushing up the internet usage?
Dave Baldwin

Are you in South Africa?  Maybe you can get rid of all the Google Toolbars.  They aren't actually needed for anything but feeding Google's marketing machine.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Rupert Eghardt

ASKER
We are still experiencing high traffic in IE when inserting the internet proxy settings.
The logs report continuous recurring entries:  http://www.google.co.za/webhp HTTP/1.1

When we remove the settings and use Firefox instead, the activity stops and the usage drops to normal.

In IE I am unable to identify any obvious cause, no toolbars, no "add-on's"

I have even tried uninstalling IE and reinstalling.  The traffic re-occurs as soon as IE has the proxy settings configured.  I guess it must be a 3rd party application using the IE settings?
Dave Baldwin

Looks like it is a 'redirect' virus or trojan.  It is capable of infecting Firefox too.  http://www.bleepingcomputer.com/forums/topic309331.html
ASKER CERTIFIED SOLUTION
Rupert Eghardt

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Rupert Eghardt

ASKER
No solution found, using Firefox instead for the time being
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.