Looking over the Apache logs a bit more carefully, I can see several requests of the form: http://www.virtualhost.com/misc_/SiteAccess/VirtualHostMonster.gif and http://www.virtualhost.com/p_/zopelogo_jpg Both of which will return graphics positively identifying your server as Zope unless you've taken measures to the contrary. Oops. Around the same times as the probes for site/vhm//, there were several failed requests to use my server as an open proxy... my guess is that open proxies may be what the probe is *really* looking for. Zope servers running VHM are highly likely to be running Apache and given the variety and age of the available docs on setting up Zope with Apache, it may be fair to assume that some number of Zope+VHM+Apache sites are set up insecurely. A couple thoughts/recommendations: 1. Read up on configuring and securing Apache proxy services: http://httpd.apache.org/docs/mod/mod_proxy.html#access 2. Don't volunteer configuration info to potential attackers. You can conceal misc_ and p_ from your virtual sites by placing empty folders with these names in the folder above your virtual root. You may wish to name your VHM object something unpredictable. Ensure that Apache is configured with ServerSignature Off. FWIW, Dylan