[Zope] VHM followup... an open proxy probe?

Jerome Alet alet@librelogiciel.com
Sun, 16 Mar 2003 00:13:28 +0100


Hi,

On Sat, Mar 15, 2003 at 02:37:18PM -0800, Jamie Heilman wrote:
> Dylan Reinhardt wrote:
> > 
> > Both of which will return graphics positively identifying your server as 
> > Zope unless you've taken measures to the contrary.  Oops.
> 
> Hmm.  There are a million ways to fingerprint zope, I suppose those are
> as good as any.  

http://www.yourserver.com/HelpSys clearly identifies Zope but
also lists "some of" the installed products (those which have
documentation). 

/HelpSys shouldn't be available to anonymous users.

Knowing which products are installed makes an attack easier.

bye,

Jerome Alet