[Zope] Help: mod_proxy exploit on apache + zope

Wayne Connolly wayne@c-media.com.au
Thu, 13 Mar 2003 16:26:23 -0800 (PST) 

Dave and Jean,

Thanks very much for your help... i tried first of all
Jeans
soln(http://groups.yahoo.com/group/zope/message/110797)
which didnt work. Then i tried Daves
(http://groups.yahoo.com/group/zope/message/110805)and
this one worked. 

Thanks dave... my sites are back up and running.. and
even the attacks ceased... luck me.. Thank-fully i
captured enough pachets from the bastard... so i
believe he will feel the wrath of wayne... lucky for
me he's on DSL :-)

Wow... stress free again...

Regards,

Wayne


--- In zope@yahoogroups.com, Dave Hall
<dave-zope@d...> wrote:
> On Thu, Mar 13, 2003 at 03:01:01PM -0800, Wayne
Connolly wrote:
> > All,
> > 
> > My server was used for hacking other servers by
some
> > morons. mod_proxy was set wide open - we were
getting
> > used as a relay for attacks on all sorts of
servers.
> > For the sake of people getting attacked, I've had
to
> > set it to Deny from all. 
> 
> Are you using it as a regular proxy or just to
front-end Zope?
> 
> If you're just front-ending Zope, then check to make
sure "ProxyResuests"
> is NOT set to On.  This will enable the proxy
service which you don't
> need.
> 
> You will need the proxy module loaded for rewrite to
fetch the URL from
> Zope but you shouldn't need the proxy service
enabled.
> 
> > This seems to have broken my zope sites, however.
> 
> Yup.  mod_rewrite uses parts of mod_proxy.
> 
> -- 
> 
> Dave
> 
>
===============================================================
> | <- You must be smarter than this stick to ride
>      the Internet		-Mike Handler
>
===============================================================
> 
> _______________________________________________
> Zope maillist  -  Zope@z...
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com