[Zope] zope, curious http requests, apache
Dave Hall
dave-zope at dnh.sk.ca
Thu Aug 7 17:04:10 EDT 2003
On Thu, Aug 07, 2003 at 10:30:11PM +0100, Stuart Robinson wrote:
> Hello all,
>
> I noticed in Zope's output stream in the terminal window this evening a
> curious "ZServer Bad HTTP request: 'GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%
> u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
> u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0'" ...
> which if I'm not mistaken is a deliberate or scripted attack?
>
> 1st question: This is nothing to worry about with zope, right?
This looks like Code Red or something similar looking for a vulnerable IIS server. It shouldn't be a security worry for Zope, just some unwanted traffic.
> 2nd question: is running zope behind Apache any help?, and if so (while I
> appreciate it is not trivial), what sort of things should I look out for?
> Does anyone know of an 'everymans[!] guide to setting up apache and not doing
> it the WRONG way'? (sorry that's probably my quota of questions tonight I
> know!) :-)
If you wish to block this from reaching the Zope server, you could configure
Apache to send an HTTP error response rather than forwarding to Zope ... or
be evil and send a redirect to the attacking server so that it attacks itself. The
Apache manual at httpd.apache.org should have a few good examples of blocking
using either mod_access or mod_rewrite.
--
Dave
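
The blocking approach described in the reply above, written out with mod_rewrite as an added example that is not part of the original post. The hostname, the ZServer address 127.0.0.1:8080 and the VirtualHostMonster path are assumptions for a typical Apache-in-front-of-Zope setup.

```apache
# Added example, not from the original thread.
# Assumed: www.example.com, ZServer on 127.0.0.1:8080, a VirtualHostMonster
# object in the Zope root, mod_rewrite and mod_proxy loaded.
<VirtualHost *:80>
    ServerName www.example.com

    RewriteEngine On

    # Code Red style probes request /default.ida (the IIS Index Server
    # extension). Answer them with 403 Forbidden. [F] ends rule processing,
    # so the request is never handed to the proxy rule below. The pattern is
    # matched against the URL path only, so the long query string is ignored.
    RewriteRule ^/default\.ida$ - [F,NC]

    # Everything else is proxied to ZServer.
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/www.example.com:80/VirtualHostRoot/$1 [P,L]
</VirtualHost>
```

Order matters here: the blocking rule has to come before the proxy rule, otherwise the probe is forwarded and shows up in ZServer's output as before.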