[Zope] memory leaks and worms
Toby Dickenson
tdickenson@geminidataloggers.com
Thu, 20 Sep 2001 15:33:31 +0100
On Thu, 20 Sep 2001 15:24:02 +0200, "Paul Zwarts" <paz@oratrix.com>
wrote:
>Has anyone had experience with the results of Nimda and CodeRed over
>zope? I have a suspicion that these worms cause memory leaks on the
>python process. Although the exploits are designed for MicroSnooze
>servers, Zope of course tries to parse them anyhow, sometime throwing
>exceptions at a lower level than the standard_error_page, thus
>disallowing me to write dtml or python to intercept it. The result,
>_I_think_ is a memory leak because zope isnt cleaning itself up. But I'm
>at loss how to prove this....
If you have your Zope connected to the internet then there are lots of
good reasons to use a front-end proxy, such as Squid or
Apache/mod_proxy, rather than exposing a 'raw' ZServer.
medusa's http implementation (used by ZServer) is not as robust as it
could be, and there are several denial-of-service attacks which are
blocked by Squid and Apache in their default configurations.
The Squid mailing list today had some posts discussing rules for
blocking such requests.
I hope this helps,
Toby Dickenson
tdickenson@geminidataloggers.com