To Zope, My name is Juan Lorenzana and I am a system administrator for an ISP in Brazil. They offer virtual servers and virtual hosting. The reason I am sending you this email is that one of our virtual hosting customer's web site is being flooded with requests that appear to be related to zope. An excerpt of the log files appear below: Access Log file: 168.226.70.160 - - [24/Sep/2003:11:34:50 -0600] "GET /put?ver=01&task=newzad&first=1 HTTP/1.1" 404 285 216.244.197.250 - - [24/Sep/2003:11:35:55 -0600] "GET /put?ver=01&task=newzad&first=1 HTTP/1.0" 404 273 200.63.144.150 - - [24/Sep/2003:11:36:10 -0600] "GET /put?ver=01&task=newzad&first=1 HTTP/1.0" 404 273 Error Log file: [Wed Sep 24 11:34:50 2003] [error] [client 168.226.70.160] File does not exist: /httpd/htdocs/put [Wed Sep 24 11:35:55 2003] [error] [client 216.244.197.250] File does not exist: /httpd/htdocs/put [Wed Sep 24 11:36:10 2003] [error] [client 200.63.144.150] File does not exist: /httpd/htdocs/put As you can see, this box is being hit by thousands of machines requesting a put file with variables similiar to the ones that released in your patch "CMFHotfix_20030908" found on your website at http://cmf.zope.org/download/CMFHotfix_20030908/announce-CMFHotfix_20030908 With a little help from google, we were able to track an instance where someone started experiencing these same put request and the fix pointed to your website for the CMFHotFix_20030908. The problem is that this virtual host customer is being hit by thousands of machines all trying to execute put? with ver=01&task=newzad&first= as arguments. I only included a 20 second snap shot fromthe log files, but we are receiving thousands of requests per second. The server is being overloaded and I had to throttle the server to keep it up. We do not know exactly what is going on, but suspect that someone, thousands of machines that use Zope are making put requests to this client. Not sure why or how,but we suspect that it has to do with zope and wanted to contact someone to see if they could help us address the issue. Currently we wrote a program that blackhole's every ip trying to connect. However, we have already blocked over 2000 ip addresses and they just keep coming. The log files are over 4 Gigs, and had we not throttled the server, they would probably be a lot bigger. Anyway, who can we talk to about finding out what is really happening and why. The URL of the site that is being hit is www.revistaprofashional.com.br If you can direct me to someone that can help, I would really appreciate it. Thanks. Juan Lorenzana Techincal Support juan@itwest.net 602-738-3220