[Zope] memory leaks and worms

Toby Dickenson tdickenson@geminidataloggers.com
Thu, 20 Sep 2001 15:33:31 +0100


On Thu, 20 Sep 2001 15:24:02 +0200, "Paul Zwarts" <paz@oratrix.com>
wrote:

>Has anyone had experience with the results of Nimda and CodeRed over
>Zope? I have a suspicion that these worms cause memory leaks on the
>Python process. Although the exploits are designed for MicroSnooze
>servers, Zope of course tries to parse them anyhow, sometimes throwing
>exceptions at a lower level than the standard_error_page, thus
>disallowing me to write dtml or python to intercept it. The result,
>_I_think_ is a memory leak because Zope isn't cleaning itself up. But I'm
>at a loss how to prove this....

If you have your Zope connected to the internet then there are lots of
good reasons to use a front-end proxy, such as Squid or
Apache/mod_proxy, rather than exposing a 'raw' ZServer.

medusa's http implementation (used by ZServer) is not as robust as it
could be, and there are several denial-of-service attacks which are
blocked by Squid and Apache in their default configurations.

The Squid mailing list today had some posts discussing rules for
blocking such requests.

I hope this helps,

Toby Dickenson
tdickenson@geminidataloggers.com
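
Added example, not part of the original message: a Python sketch of the kind of request-path rule a front-end proxy can apply, run here over access-log lines to count Code Red and Nimda probes so they can be lined up against memory growth. The signature patterns, function names and sample log lines are assumptions constructed from the worms' publicly known request paths; they are not the rules posted to the Squid list.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Request-path markers of the two IIS worms named in the thread
# (assumption: publicly known patterns, not taken from the post).
SIGNATURES = {
    "CodeRed": re.compile(r"^/default\.ida\?", re.I),
    "Nimda": re.compile(r"(cmd\.exe|root\.exe|/admin\.dll)", re.I),
}

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [20/Sep/2001:15:01:02 +0100] "GET /default.ida?NNNNNNNN%u9090 HTTP/1.0" 404 312',
    '192.0.2.11 - - [20/Sep/2001:15:01:05 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '192.0.2.11 - - [20/Sep/2001:15:01:06 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [20/Sep/2001:15:02:00 +0100] "GET /index_html HTTP/1.1" 200 5120',
    'truncated line that does not parse',
]

def classify(path):
    """Return the worm family a request path matches, or None."""
    # Some probes are percent-encoded twice, so decode twice before matching.
    decoded = unquote(unquote(path))
    for name, pattern in SIGNATURES.items():
        if pattern.search(decoded):
            return name
    return None

def summarize(lines):
    """Count worm probes per family and per source host; skip unparsable lines."""
    by_family, by_host = Counter(), Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        host, _time, _method, path, _status = m.groups()
        family = classify(path)
        if family:
            by_family[family] += 1
            by_host[host] += 1
    return by_family, by_host

if __name__ == "__main__":
    families, hosts = summarize(SAMPLE)
    print(dict(families), dict(hosts))
```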