Re: SECURITY breach in Tomcat

2009-01-29 Thread Mark Thomas
Toby Kurien wrote: > Seems like the infection was related to the loose (default) password > of the manager app. I suppose changing that fixed the problem. There is *no* default password for the manager application. You have to configure it yourself. If you have a Tomcat distribution that does hav

Re: SECURITY breach in Tomcat

2009-01-28 Thread Christopher Schultz
Hubert, Hubert de Heer wrote: > If you really, really need the manager webapp, you can restrict access > to that one not only by password but also by source-ip, e.g. access is > only allowed from your office IP. > > In server.xml: > docBase=

RE: SECURITY breach in Tomcat

2009-01-28 Thread Hubert de Heer
...@gmail.com] Sent: 22 January 2009 16:17 To: users@tomcat.apache.org Subject: SECURITY breach in Tomcat Hi, I have a webapp for my company that has been running for several years. Recently, we got infected by a trojan or virus and this has been causing a lot of abnormal behavior. The trojan creates

Re: SECURITY breach in Tomcat

2009-01-26 Thread Toby Kurien
Seems like the infection was related to the loose (default) password of the manager app. I suppose changing that fixed the problem. On Thu, Jan 22, 2009 at 4:26 PM, Toby Kurien wrote: > thanks. I only need ROOT and myApp (which is my application). I am the > developer, admin, everything. And yes,

Re: SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
thanks. I only need ROOT and myApp (which is my application). I am the developer, admin, everything. And yes, we moved between physical server racks that actually host Virtual environments. On Thu, Jan 22, 2009 at 3:15 PM, Gregor Schneider wrote: >> >> Moving servers mean we moved it physically f

Re: SECURITY breach in Tomcat

2009-01-22 Thread Gregor Schneider
> > Moving servers mean we moved it physically from one box to another. IP > and DNS stays the same when we move. > Btw: Can I take off all the apps from webapps, except ROOT and myApp? > Hacker or virus is probably exploiting some vulnerability in them. As > of now, tomcat is running after restart

Re: SECURITY breach in Tomcat

2009-01-22 Thread Len Popp
Yes, you should remove all other webapps ("manager", "examples", etc.) You can remove ROOT too, unless you've put files in there that you need to serve. -- Len On Thu, Jan 22, 2009 at 14:50, Toby Kurien wrote: > Yea, I rebuild server from scratch. Fortunately, we have virtual > machines so we

Re: SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
Yea, I rebuild server from scratch. Fortunately, we have virtual machines so we can revert to a factory build by just reverting to a snapshot. That is same as moving to a fresh OS without anything installed. Moving servers mean we moved it physically from one box to another. IP and DNS stays the s

Re: SECURITY breach in Tomcat

2009-01-22 Thread Gregor Schneider
Toby, On Thu, Jan 22, 2009 at 5:27 PM, Toby Kurien wrote: > Thanks Gregor. We are looking at setting up in Linux, but that is > going to take longer to get a LIVE environment up and running. I have > in the past already setup Tomcat from scratch 2-3 times and the > infection just keeps coming. On

Re: SECURITY breach in Tomcat

2009-01-22 Thread Brian Clark
From: Len Popp To: Tomcat Users List Sent: Thursday, January 22, 2009 10:27:31 AM Subject: Re: SECURITY breach in Tomcat This sounds like an attack that has been seen before: http://markmail.org/message/jrqw75yw3d3xh3p6 That message also has tips on tightening security

Re: SECURITY breach in Tomcat

2009-01-22 Thread Len Popp
This sounds like an attack that has been seen before: http://markmail.org/message/jrqw75yw3d3xh3p6 That message also has tips on tightening security. In those cases it seems that the security hole was a weak password for the manager webapp. -- Len On Thu, Jan 22, 2009 at 10:16, Toby Kurien wro

Re: SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
Thanks Gregor. We are looking at setting up in Linux, but that is going to take longer to get a LIVE environment up and running. I have in the past already setup Tomcat from scratch 2-3 times and the infection just keeps coming. Only open port is 80 and network access is disabled. In fact, one of m

Re: SECURITY breach in Tomcat

2009-01-22 Thread Gregor Schneider
On Thu, Jan 22, 2009 at 4:39 PM, Toby Kurien wrote: > [ Tomcat hacked ] Basic lesson concerning security: If a system is once compromised, there is only one option: Dump it and set it up vanilla. Why? It's because you have no idea what additional malware has been installed by the initial ban

Re: SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
> Are you up to date on your Windows patches? > > From: Toby Kurien > To: users@tomcat.apache.org > Sent: Thursday, January 22, 2009 9:16:46 AM > Subject: SECURITY breach in Tomcat > > Hi, > I have a webapp for my c

Re: SECURITY breach in Tomcat

2009-01-22 Thread Joseph Millet
ion of Tomcat are you using? > What version of the JVM? > What version of Windows? > Are you up to date on your Windows patches? > > From: Toby Kurien > To: users@tomcat.apache.org > Sent: Thursday, January 22, 2009 9:16:46

Re: SECURITY breach in Tomcat

2009-01-22 Thread Brian Clark
What version of Tomcat are you using? What version of the JVM? What version of Windows? Are you up to date on your Windows patches? From: Toby Kurien To: users@tomcat.apache.org Sent: Thursday, January 22, 2009 9:16:46 AM Subject: SECURITY breach in Tomcat

SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
Hi, I have a webapp for my company that has been running for several years. Recently, we got infected by a trojan or virus and this has been causing a lot of abnormal behavior. The trojan creates user accounts in Windows and also creates web applications like safee.war and zhu.war into the webapps