> -----Original Message----- > From: David Johnson > > Our Zope 3.2.1 server is crashing and we cannot determine why. > > The last entry in the access.log is the following: > 218.160.132.172 - - [10/Mar/2007:22:11:45 -0500] "CONNECT > sextw.com.tw:25 HTTP/1.0" 404 0 "-" "-" >
Hi David, This is an attack on your server to attempt to proxy a connection (CONNECT) to a third party SMTP (port 25) server (sextw.com.tw). The CONNECT command (i.e. like POST, GET and HEAD commands) is part of the HTTP RFC. It is normally not needed on the vast majority of http servers and is usually disabled. I do not know how zope3 handles this case other than by your observed crash. Technically, what you are experiencing is a Denial of Service (DoS). This is only just slightly better than having the actual CONNECT command succeed. If it succeeds then you have just become a spam engine. If you could get a packet capture of the incoming traffic during one of these attacks you might be able to determine how zope is answering. I would recommend that you place zope behind an Apache proxy server for its protection. Personally, I would rather trust in Apache's robustness for dealing with internet threats than (from my point of view) the relatively unhardened internal implementation (twisted or otherwise) that zope 3 offers. By unhardened, I mean that zope 3 has not undergone (to my knowledge) the many years of discovering and fixing of security issues that apache has. I do not know the extent to which zope 3 has undergone any security vulnerability analysis and testing. Both of the zope books explain how to place apache in front of zope and it is quite straightforward. Mark -- 613-947-1359 System Scientist / Scientifique, spécialiste des systèmes Canada Centre for Remote Sensing / Centre canadien de télédéction Natural Resources Canada, 588 Booth Street, Ottawa, Ontario, Canada, K1A 0Y7 Ressources naturelles Canada, 588 rue Booth, Ottawa, Ontario, Canada, K1A 0Y7 Government of Canada / Gouvernement du Canada _______________________________________________ Zope3-users mailing list [email protected] http://mail.zope.org/mailman/listinfo/zope3-users
