[Zope] VHM followup... an open proxy probe?
Dylan Reinhardt
zope@dylanreinhardt.com
Sat, 15 Mar 2003 11:06:00 -0800
Looking over the Apache logs a bit more carefully, I can see several
requests of the form:
http://www.virtualhost.com/misc_/SiteAccess/VirtualHostMonster.gif
and
http://www.virtualhost.com/p_/zopelogo_jpg
Both of which will return graphics positively identifying your server as
Zope unless you've taken measures to the contrary. Oops.
Around the same times as the probes for site/vhm//, there were several
failed requests to use my server as an open proxy... my guess is that open
proxies may be what the probe is *really* looking for. Zope servers
running VHM are highly likely to be running Apache and given the variety
and age of the available docs on setting up Zope with Apache, it may be
fair to assume that some number of Zope+VHM+Apache sites are set up insecurely.
A couple thoughts/recommendations:
1. Read up on configuring and securing Apache proxy services:
http://httpd.apache.org/docs/mod/mod_proxy.html#access
2. Don't volunteer configuration info to potential attackers. You can
conceal misc_ and p_ from your virtual sites by placing empty folders with
these names in the folder above your virtual root. You may wish to name
your VHM object something unpredictable. Ensure that Apache is configured
with ServerSignature Off.
FWIW,
Dylan
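
Added example (not part of the original message): a small Python scanner that flags the two kinds of requests described above in an Apache access log, namely the Zope fingerprint paths and proxy-style requests (CONNECT, or an absolute URL naming a host you do not serve). The log lines, client addresses and the example.org host are constructed for illustration; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Apache common/combined log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) \S+')
# Fingerprint paths named in the message above.
ZOPE_PATHS = ("/misc_/SiteAccess/VirtualHostMonster.gif", "/p_/zopelogo_jpg")

def classify(line, own_hosts):
    """Return (client, label, status) for a suspicious log line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, request, status = m.group(1), m.group(2), int(m.group(3))
    parts = request.split()
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":                      # tunnel request: proxy probe
        return (client, "proxy-connect", status)
    path = target.split("?", 1)[0]
    if target.lower().startswith(("http://", "https://")):
        try:
            url = urlsplit(target)
            host = (url.hostname or "").lower()
        except ValueError:                       # unparseable absolute target
            return (client, "malformed-target", status)
        if host not in own_hosts:                # absolute URL for someone else's site
            return (client, "proxy-foreign-host", status)
        path = url.path
    if any(path.endswith(p) for p in ZOPE_PATHS):
        return (client, "zope-fingerprint", status)
    return None

def scan(lines, own_hosts):
    own = {h.lower() for h in own_hosts}
    return [hit for hit in (classify(l, own) for l in lines) if hit]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2003:10:01:02 -0800] "GET /misc_/SiteAccess/VirtualHostMonster.gif HTTP/1.0" 200 894',
    '192.0.2.10 - - [15/Mar/2003:10:01:03 -0800] "GET http://www.virtualhost.com/p_/zopelogo_jpg HTTP/1.0" 200 1520',
    '198.51.100.7 - - [15/Mar/2003:10:02:11 -0800] "GET http://example.org/ HTTP/1.0" 403 210',
    '198.51.100.7 - - [15/Mar/2003:10:02:12 -0800] "CONNECT example.org:443 HTTP/1.0" 405 230',
    '203.0.113.5 - - [15/Mar/2003:10:03:40 -0800] "GET /index_html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, {"www.virtualhost.com"}):
        print(hit)
```

A 200 status on a fingerprint path means the graphic is still being served. A 200 on a foreign-host request is a reason to test the proxy configuration rather than proof of relaying, since the server may have answered from its own content.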