Zope breakins

Robin Becker robin at jessikat.fsnet.co.uk
Wed Jun 4 20:04:25 CEST 2003

I notice that a Zope installation that has been running happily for some
time has changes that I don't expect.

I originally set it up with two FTP servers on ports 21 and 8021, but I
now see an FCGI server on port 21 (using the /Status page). This version
is pretty out of date and I don't have good access

# Zope version: 2.0+
# Python version: 1.5.2 (#0, Apr 13 1999, 10:51:12) [MSC 32 bit (Intel)]
# System Platform: win32

so are there well known ways into Zope that could make an FTPServer
transmute into an FCGIServer? If someone can do that do they have shell
access ie have they installed their own cgi scripts somewhere?

If this were my machine I would upgrade to a later Zope/Python, but that
might require some work as it runs a numerical economic model using
quite old fashioned Numeric.

Googled for info on Zope hacks & breakins etc but there seem to be a
huge number of zope related issues, but this seems like a break at the
medusa level?
Robin Becker

More information about the Python-list mailing list