Fw: [Zope-Annce] Zope a finalist for Software Development "Jolt" Awards
Folks, as he says, "let the lobbying begin!" ;-) ----- Original Message ----- From: Larry O'Brien To: zope-announce@zope.org Sent: Thursday, February 08, 2001 12:58 PM Subject: [Zope-Annce] Zope a finalist for Software Development "Jolt" Awards Zope is a finalist for best software product of the year in the "Language and Development Environments" category of this year's Software Development Jolt Awards. Other finalists are JBuilder, Perl Builder, PHP, WebGain Studio, and Weblogic EJB Server. The Jolt Awards were launched in 1999 by yours truly when I was editor of Computer Language Magazine and were the first awards for the software development tools industry. Philippe Kahn (once head of Borland) said that the can of Jolt Cola embedded in a block of lucite is the only award that matters in the programming industry. Anyhow, I'm one of the judges, as are Scott Ambler (scott@ambysoft.com), Andy Barnhart (arbarnhart@aol.com), Hugh Bawtree (bawtree@sunwave.net), Andrew Binstock (alb@pacificdataworks.com), Dana Cline (dana@logicsmith.com), Gary Evans (gkevans@evanetics.com), Warren Keuffel (wkeuffel@acm.org), Chris Minnick (cminnick@minnickweb.com), Guy Scharf (guy@guyscharf.com), and Alan Zeichick (zeichick@acm.org). Let the lobbying begin!
I'm thinking of shifting from my current US Based ISP who doesn't provide MySQL support to one that does, and I was thinking I might as well see if I can get Zope as well. Would this be a suitable site? http://www.he.net/spaceservices.html -- Graham Chiu
I received multiple error reports from my Zope server tonight, about an object not found at http://NETSERVER:8080/msadc/..Á%8s../..Á%8s../..Á%8s../winnt/system32/cmd.exe being called from ip address: 61.156.8.19 This is very odd as my web server is at port 80, and mapped by NAT to 8080. I presume that this is some sort of attack on my webserver - what are they trying to exploit? -- Graham Chiu
On Monday 12 February 2001 18:06, Graham Chiu wrote:
I received multiple error reports from my Zope server tonight, about an object not found at
http://NETSERVER:8080/msadc/..Á%8s../..Á%8s../..Á%8s../winnt/system32/cmd.exe
being called from ip address: 61.156.8.19
This is very odd as my web server is at port 80, and mapped by NAT to 8080.
I presume that this is some sort of attack on my webserver - what are they trying to exploit?
This is an exploit against IIS (probably 4.0) which can potentialy run a program. The path has to be exact, and can be foiled by installing IIS in a non-default path (higher or deeper in the heirarchy). It works because of poor handling of 'long' characters, afaik. But since you're not running IIS... As for the address... not sure... maybe the server is logging what IT thinks the port is, and thus using the post-NAT value.
-- Graham Chiu
Have a better one, Curtis Maloney.
On Tue, 13 Feb 2001 10:33:25 +1100 Curtis Maloney <curtis@cardgate.net> wrote:
This is an exploit against IIS (probably 4.0) which can potentialy run a program. The path has to be exact, and can be foiled by installing IIS in a non-default path (higher or deeper in the heirarchy).
Hi Curtis, I do have IIS installed, but no services running. In case I forget and accidentally enable it, I have deleted the msadcs.dll (?) that allows this exploit now. I complained to the owner of this address range, and they said that address was not one of theirs! -- Graham Chiu
Send emails to those folks about how great Zope is, I'd imagine. At least that's the way I understood it. On Sun, 11 Feb 2001 15:10:13 +0000 Chris Withers <chrisw@nipltd.com> wrote:
Chris McDonough wrote:
Folks, as he says, "let the lobbying begin!" ;-)
Who do we lobby and how?
cheers,
Chris
participants (4)
-
Chris McDonough -
Chris Withers -
Curtis Maloney -
Graham Chiu