On Tue, 14 Oct 2003 02:25 pm, Richard Jones wrote:
> 1. request comes in which modifies ZODB
> 2. code handling request replies with REQUEST.RESPONSE.redirect()
> 3. redirected page uses data input at step 1 (specifically, it's auth info)
> but that info hasn't been committed yet, so we get erro
On Tue, 2003-10-14 at 07:31, Richard Jones wrote:
> On Tue, 14 Oct 2003 02:25 pm, Richard Jones wrote:
> > 1. request comes in which modifies ZODB
> > 2. code handling request replies with REQUEST.RESPONSE.redirect()
> > 3. redirected page uses data input at step 1 (specifically, it's auth info)
>
>> So, would anybody have any ideas how to determine if this might have
>> been compromised? Or is there a known mail relay exploit through zope
>> somehow? I've checked system binaries and everything seems fine. None of
>> the python files seem to have been changed since well before the
What I believe happened in the case of the misuse of our servers is
something like.
- On server A we have zope running behind Apache as a proxy.
Somebody found this out in an unknown (to me) way.
- Our c-net was scanned for an MTA and server B was found (which only accepts
mail from its own
Yes, that's what I'm thinking happened here, but I need to verify that
was the case. Are there any logs in zope that could help track this
down, or a known configuration that would allow it to happen? Also, for
future reference, can we disable this? Any ideas how someone might be
able to tell
On Tue, 2003-10-14 at 16:08, Chris Pelton wrote:
> Yes, that's what I'm thinking happened here, but I need to verify that
> was the case. Are there any logs in zope that could help track this
> down, or a known configuration that would allow it to happen? Also, for
> future reference, can we di
On Tue, Oct 14, 2003 at 04:18:17PM -0400, Tres Seaver wrote:
> On Tue, 2003-10-14 at 16:08, Chris Pelton wrote:
> > Yes, that's what I'm thinking happened here, but I need to verify that
> > was the case. Are there any logs in zope that could help track this
> > down, or a known configuration th
Chris Pelton wrote:
> Yes, that's what I'm thinking happened here, but I need to verify that
> was the case. Are there any logs in zope that could help track this
> down, or a known configuration that would allow it to happen?
Several, the most common is people using mod_proxy incorrectly.
Look
Thanks for all the help - it was indeed Apache. The older relay messages
did have the CONNECT verb in the logs, however the most recent ones
simply used the formmail.pl which was readily available. Didn't mean to
blame Zope for all of this - just the piece of the puzzle I understood
the least.
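
A log check for the two patterns named in the last message (CONNECT requests and posts to formmail.pl), as an added example that is not part of the thread. It goes one step further and also flags absolute-URI proxy requests; the log lines are constructed samples in Apache common log format, using documentation-range addresses.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) '
)
ABSOLUTE_URI = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def classify(line):
    """Return (host, reason, served) for a relay-abuse pattern, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    # A 2xx status means the server acted on the request instead of refusing it.
    served = m["status"].startswith("2")
    if method == "CONNECT":
        reason = "connect-tunnel"          # tunnel request through the proxy
    elif ABSOLUTE_URI.match(target):
        reason = "absolute-uri-proxy"      # forward-proxy style request
    elif method == "POST" and target.split("?", 1)[0].lower().endswith("/formmail.pl"):
        reason = "formmail-post"           # mail sent through the CGI form handler
    else:
        return None
    return m["host"], reason, served

def summarize(lines):
    """Count suspicious requests per (client, reason, served)."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result:
            hits[result] += 1
    return hits

# Constructed sample lines, not taken from the servers discussed in the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Oct/2003:03:12:01 -0400] "CONNECT 192.0.2.25:25 HTTP/1.0" 200 0',
    '203.0.113.7 - - [14/Oct/2003:03:12:09 -0400] "CONNECT 192.0.2.25:25 HTTP/1.0" 200 0',
    '198.51.100.4 - - [14/Oct/2003:04:40:13 -0400] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512',
    '198.51.100.9 - - [14/Oct/2003:05:01:44 -0400] "GET http://example.org/ HTTP/1.0" 404 208',
    '192.0.2.80 - - [14/Oct/2003:05:02:00 -0400] "GET /index_html HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for (host, reason, served), count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{host:15} {reason:20} served={served} count={count}")
```

Entries with `served=True` are the ones to follow up first, since they show the server completed the request rather than rejecting it.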