Hello Samuele,

>> Is there any progress on this issue?  Under 1.1 the missing pages
>> produce much more noise than the old mod_python.
>
> sorry to come back to this issue only now. Indeed a fix for this has been 
> provided for maint-1.0 in:
>
> commit 22f4e36755d7103e420da10968f60430ed797c26
> Author: Samuele Kaplun <samuele.kap...@cern.ch>
> Date:   Fri Dec 7 15:06:46 2012 +0100
>
>     bibdocfile: better error report for unknown format

I've taken a look and it doesn't seem to me that it provides a fix for the
/index.php, /phpmyadmin.php, ../../../etc/passwd or /wp-whatever hits,
exceptions and subsequent mails that I'm constantly getting from our
Traces system since we are at 1.1.  Under 0.99 old mod_python Invenio,
Apache handled those not-found, but now they are caught by wsgi Invenio,
causing those mail floods in my inbox.

> commit 6d6e985c9abcf02bd85f9eb442e116547eb1f531
> Merge: 35fae49 22f4e36
> Author: Tibor Simko <tibor.si...@cern.ch>
> Date:   Thu Dec 20 10:53:36 2012 +0100
>
>     Merge branch 'maint-1.0' into maint-1.1
>     
>     * maint-1.0:
>       bibdocfile: better error report for unknown format
>
> I think you should be able to safely update to latest maint-1.1 in order to 
> benefit from this fix.

Again, after reading the patch I see it as if it only handles
/record/x/file/whatever attacks, but not the others.  Maybe I'm wrong.

So, I understand that we need a general solution to provide (a) a 404
not found to the attacker, and/or (b) a digested summary to the admin.

Aren't the other sites having this flood of attacks?  I doubt we are the
only ones.

Thanks,

Ferran
