On Tue, Oct 14, 2003 at 04:18:17PM -0400, Tres Seaver wrote:
> On Tue, 2003-10-14 at 16:08, Chris Pelton wrote:
> > Yes, that's what I'm thinking happened here, but I need to verify that
> > was the case. Are there any logs in zope that could help track this
> > down, or a known configuration that would allow it to happen? Also, for
> > future reference, can we disable this? Any ideas how someone might be
> > able to tell Zope is running?
>
> I believe that the scenario Robert is describing does not actually
> involve Zope at all; rather, (in this scenario) Apache is willing to
> forward arbitrary traffic, via the 'CONNECT' verb. Check your Apache
> access logs for the HTTP verb, 'CONNECT'. Squid's default configs have
> specific settings to allow CONNECT only for HTTPS; I'm guessing that
> your Apache config might need to be tweaked likewise.

Yup, I don't think zope even *can* do something like that. I was guessing
that the exploit was at the application level - somebody found a MailHost
with wide-open permissions and abused it with a client script.

-- 
Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's THE INTOXICATED GIRL!
(random hero from isometric.spaceninja.com)
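
The access-log check Tres Seaver suggests above, sketched as an added example that is not part of the original thread. It assumes Apache's common/combined log format and treats port 443 as "HTTPS"; the log lines are constructed, and the function names `find_connect_requests` and `relayed_tunnels` are hypothetical.

```python
import re
from collections import namedtuple

# Apache common/combined log prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)

ConnectHit = namedtuple("ConnectHit", "client time host port status tunnelled non_https")

# Constructed sample lines (documentation addresses and example hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2003:15:02:11 -0400] "GET /index_html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [14/Oct/2003:15:02:40 -0400] "CONNECT mail.example.net:25 HTTP/1.0" 200 -',
    '203.0.113.7 - - [14/Oct/2003:15:02:44 -0400] "CONNECT mail.example.net:25 HTTP/1.0" 200 -',
    '198.51.100.23 - - [14/Oct/2003:15:05:01 -0400] "CONNECT shop.example.org:443 HTTP/1.1" 405 312',
    '192.0.2.10 - - [14/Oct/2003:15:06:30 -0400] "POST /contact/send HTTP/1.1" 302 -',
]

def find_connect_requests(lines):
    """Return one ConnectHit per CONNECT request found in the log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "CONNECT":
            continue
        # CONNECT targets are host:port; keep the raw target if no port is present.
        host, _, port = m.group("target").rpartition(":")
        if host and port.isdigit():
            port = int(port)
        else:
            host, port = m.group("target"), None
        status = int(m.group("status"))
        hits.append(ConnectHit(
            m.group("client"), m.group("time"), host, port, status,
            tunnelled=200 <= status < 300,  # assumption: 2xx means the proxy accepted it
            non_https=port != 443,          # thread's policy: CONNECT only for HTTPS
        ))
    return hits

def relayed_tunnels(lines):
    """CONNECT requests that were accepted and aimed at something other than port 443."""
    return [h for h in find_connect_requests(lines) if h.tunnelled and h.non_https]

if __name__ == "__main__":
    for hit in relayed_tunnels(SAMPLE_LOG):
        print(f"{hit.time} {hit.client} -> {hit.host}:{hit.port} (status {hit.status})")
```

Any row returned by `relayed_tunnels` is a sign that the front-end server forwarded traffic on a client's behalf, which is the case where the proxy configuration rather than Zope needs attention.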
