kk CHN wrote:
On 3/28/08, Ric <lists@xxxxxxxxxxx> wrote:
On Mar 28, 2008, at 12:35 AM, kk CHN wrote:
> On 3/28/08, Ric <lists@xxxxxxxxxxx> wrote:
What then is on ports 65287 and 64313 on your server?
>
> www python2.4 44496 20 tcp4 my_Serverbox_public_IPAddress
> :65287 164.115.5.2:80
>
> Here the pid 44496 I greped
>
> $ ps -aux|grep 44496
> www 44496 0.0 21.3 445368 442940 ?? S Thu11AM 203:49.39
> /usr/local/bin/python2.4 /usr/local/www/Zope28/lib/python/Zope
>
> its conecting to the zope process : So it means some thing going
> wrong with my machine? that foreign ip has access through some holes
> of my plone/zope application right?
Someone connecting to the Zope server doesn't necessarily mean there
is a "hole". Why don't you take a look at your Zope logs and see what
that IP is doing.
In any case, closing off ports to outside access is trivial. Either
throw up a firewall or configure Zope to bind only to 127.0.0.1.
I added a ipfw rule like this
ipfw add deny tcp from 164.115.5.0/24 to me in my ipfw_firewall script
and restarted the firewall sevice , but still the same ip is able to
make connection as follows why this happens ?
storm# sockstat -4p 80
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
www python2.4 79874 11 tcp4 my_ipaddress :57060 164.115.5.2:80
www python2.4 79874 17 tcp4 my_ipaddress :64305 164.115.5.2:80
www httpd 73932 3 tcp4 127.0.0.1:80 *:*
www httpd 849 3 tcp4 127.0.0.1:80 *:*
It's not an external connection inbound.
It's Zope connecting outwards.
Zope is loading a file from external websites for some reason.
Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
