[Zope] Help: mod_proxy exploit on apache + zope
Thu, 13 Mar 2003 16:26:23 -0800 (PST)
Dave and Jean,
Thanks very much for your help... i tried first of all
which didnt work. Then i tried Daves
this one worked.
Thanks dave... my sites are back up and running.. and
even the attacks ceased... luck me.. Thank-fully i
captured enough pachets from the bastard... so i
believe he will feel the wrath of wayne... lucky for
me he's on DSL :-)
Wow... stress free again...
--- In firstname.lastname@example.org, Dave Hall
> On Thu, Mar 13, 2003 at 03:01:01PM -0800, Wayne
> > All,
> > My server was used for hacking other servers by
> > morons. mod_proxy was set wide open - we were
> > used as a relay for attacks on all sorts of
> > For the sake of people getting attacked, I've had
> > set it to Deny from all.
> Are you using it as a regular proxy or just to
> If you're just front-ending Zope, then check to make
> is NOT set to On. This will enable the proxy
service which you don't
> You will need the proxy module loaded for rewrite to
fetch the URL from
> Zope but you shouldn't need the proxy service
> > This seems to have broken my zope sites, however.
> Yup. mod_rewrite uses parts of mod_proxy.
> | <- You must be smarter than this stick to ride
> the Internet -Mike Handler
> Zope maillist - Zope@z...
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-dev )
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online