Greetings,

Has anyone had experience with the results of Nimda and CodeRed over Zope? I have a suspicion that these worms cause memory leaks on the Python process. Although the exploits are designed for MicroSnooze servers, Zope of course tries to parse them anyhow, sometimes throwing exceptions at a lower level than the standard_error_page, thus preventing me from writing DTML or Python to intercept it. The result, _I_think_, is a memory leak because Zope isn't cleaning itself up. But I'm at a loss how to prove this....

/scripts/..%5c../winnt/system32/cmd.exe?/c+dir
/scripts/..Á../winnt/system32/cmd.exe?/c+dir
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe?/c+dir
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir
..etc..

What I use:
Zpopy
Zpsycopg (latest)
CoreSession
Python 1.5.2
Zope 2.3.3 (no different results for the same but on Python 2.1.1 and Zope 2.4.0)

Hoping someone else out there is experiencing the same things....

Paul Zwarts
On Thu, 20 Sep 2001 15:24:02 +0200, "Paul Zwarts" <paz@oratrix.com> wrote:
Has anyone had experience with the results of Nimda and CodeRed over Zope? I have a suspicion that these worms cause memory leaks on the Python process. Although the exploits are designed for MicroSnooze servers, Zope of course tries to parse them anyhow, sometimes throwing exceptions at a lower level than the standard_error_page, thus preventing me from writing DTML or Python to intercept it. The result, _I_think_, is a memory leak because Zope isn't cleaning itself up. But I'm at a loss how to prove this....
If you have your Zope connected to the internet then there are lots of good reasons to use a front-end proxy, such as Squid or Apache/mod_proxy, rather than exposing a 'raw' ZServer. Medusa's HTTP implementation (used by ZServer) is not as robust as it could be, and there are several denial-of-service attacks which are blocked by Squid and Apache in their default configurations.

The Squid mailing list today had some posts discussing rules for blocking such requests.

I hope this helps,

Toby Dickenson
tdickenson@geminidataloggers.com
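The request lines Paul quotes are the IIS "Unicode" and double-decode directory-traversal probes that Nimda sends (`%5c` is a percent-encoded backslash; `%c1%1c` is an overlong UTF-8 byte pair that IIS of that era decoded to a backslash), and Toby's advice is to have a front end refuse them before ZServer parses them. The block below is an added example, written by the editor of this page; it is not code from the Zope project, from Squid or Apache, or from either poster. It decodes those paths the way the worm expected IIS to, so the traversal becomes visible, classifies each request, and counts hits over constructed access-log lines, which is a cheap way to measure how much of this traffic a server is absorbing. Assumptions: the garbled `..Á..` in the post is re-encoded here as the standard `%c1%1c` form; the double-encoded `%255c` request, Nimda's `root.exe` and Code Red's `default.ida` probe are added from the editor's own knowledge of those worms and are not in the thread; the log lines are constructed; the code targets Python 3, not the Python 1.5.2 the thread runs.

```python
"""Classify IIS worm probes (Nimda, Code Red) the way a front-end proxy rule would.

Added example, not from the Zope project or either poster.  Signature list,
overlong-UTF-8 table and the sample log are the editor's own assumptions.
"""
import re
from urllib.parse import unquote_to_bytes

# Overlong UTF-8 spellings of '/' and '\' that IIS decoded at the time
# ("web server folder traversal"); a correct decoder rejects them, which is
# why Zope never sees a usable path here.  Table is an assumption.
_OVERLONG = {
    b"\xc0\xaf": b"/",
    b"\xc0\x2f": b"/",
    b"\xc1\x9c": b"\\",
    b"\xc1\x1c": b"\\",
}

# What the probes are after; root.exe (Nimda's copy of cmd.exe) and
# default.ida (Code Red) are added from memory, not from the thread.
_SIGNATURES = (
    ("cmd.exe", re.compile(r"(^|/)cmd\.exe($|[?/])")),
    ("root.exe", re.compile(r"(^|/)root\.exe($|[?/])")),
    ("default.ida", re.compile(r"(^|/)default\.ida($|[?/])")),
)


def normalize(raw_path: str) -> str:
    """Decode a request path as the worm expected IIS to.

    Two percent-decoding passes cover the double-encoded "%255c" form, the
    overlong table covers "%c1%1c" / "%c0%af", then backslash becomes slash.
    """
    data = raw_path.encode("latin-1", "replace")
    for _ in range(2):
        data = unquote_to_bytes(data)
    for seq, ascii_byte in _OVERLONG.items():
        data = data.replace(seq, ascii_byte)
    return data.decode("latin-1", "replace").replace("\\", "/").lower()


def escapes_root(path: str) -> bool:
    """True if the '..' segments of the path climb above the virtual root."""
    depth = 0
    for segment in path.split("?", 1)[0].split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False


def classify(raw_path: str):
    """Return the reason a request should be refused, or None if it looks clean."""
    path = normalize(raw_path)
    for name, pattern in _SIGNATURES:
        if pattern.search(path):
            return name
    if escapes_root(path):
        return "traversal"
    return None


def front_end_status(raw_path: str) -> int:
    """What the proxy answers: 404 for a probe, 200 meaning 'pass it on to ZServer'."""
    return 404 if classify(raw_path) else 200


# Constructed access-log lines: the four paths from the post (with the garbled
# byte written as %c1%1c), one double-encoded Nimda form, one Code Red probe,
# and two legitimate Zope requests.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Sep/2001:15:24:02 +0200] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
10.0.0.5 - - [20/Sep/2001:15:24:02 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
10.0.0.5 - - [20/Sep/2001:15:24:03 +0200] "GET /msadc/..%5c../..%5c../..%5c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
10.0.0.5 - - [20/Sep/2001:15:24:03 +0200] "GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
10.0.0.5 - - [20/Sep/2001:15:24:04 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
10.0.0.7 - - [20/Sep/2001:15:25:10 +0200] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 400 -
10.0.0.9 - - [20/Sep/2001:15:26:00 +0200] "GET /index_html HTTP/1.1" 200 2048
10.0.0.9 - - [20/Sep/2001:15:26:01 +0200] "GET /manage_main?a=..%2f.. HTTP/1.1" 200 512
"""

_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def scan_log(text: str) -> dict:
    """Count flagged requests per reason; a quick measure of the worm traffic."""
    counts = {}
    for line in text.splitlines():
        m = _REQUEST.search(line)
        if not m:
            continue
        reason = classify(m.group(1))
        if reason:
            counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        raw = _REQUEST.search(line).group(1)
        print(front_end_status(raw), classify(raw), normalize(raw))
    print(scan_log(SAMPLE_LOG))
```

The traversal check looks only at the path part, so a `..` inside a query string (as in the constructed `/manage_main?a=..%2f..` line) is not flagged; that keeps ordinary Zope form submissions out of the reject path while still catching a request that climbs above the root without naming `cmd.exe`.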
participants (2)
- Paul Zwarts
- Toby Dickenson