On 3/28/08, Ric <lists@dvgroup.com> wrote:
>
> On Mar 28, 2008, at 12:35 AM, kk CHN wrote:
>
> > On 3/28/08, Ric <lists@dvgroup.com> wrote:
>
> >> What then is on ports 65287 and 64313 on your server?
> >
> > www python2.4 44496 20 tcp4 my_Serverbox_public_IPAddress
> > :65287 164.115.5.2:80
> >
> > Here the pid 44496 I greped
> >
> > $ ps -aux|grep 44496
> > www 44496 0.0 21.3 445368 442940 ?? S Thu11AM 203:49.39
> > /usr/local/bin/python2.4 /usr/local/www/Zope28/lib/python/Zope
> >
> > its conecting to the zope process : So it means some thing going
> > wrong with my machine? that foreign ip has access through some holes
> > of my plone/zope application right?
>
>
>
> Someone connecting to the Zope server doesn't necessarily mean there
> is a "hole". Why don't you take a look at your Zope logs and see what
> that IP is doing.
>
> In any case, closing off ports to outside access is trivial. Either
> throw up a firewall or configure Zope to bind only to 127.0.0.1.
>
I added a ipfw rule like this
ipfw add deny tcp from 164.115.5.0/24 to me in my ipfw_firewall script
and restarted the firewall sevice , but still the same ip is able to
make connection as follows why this happens ?
storm# sockstat -4p 80
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
www python2.4 79874 11 tcp4 my_ipaddress :57060 164.115.5.2:80
www python2.4 79874 17 tcp4 my_ipaddress :64305 164.115.5.2:80
www httpd 73932 3 tcp4 127.0.0.1:80 *:*
www httpd 849 3 tcp4 127.0.0.1:80 *:*
Received on Fri Mar 28 2008 - 03:12:26 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT