subject:"Re\: TomEE\/catalina log showing that someone trying to hack into my TomEE\/tomcat7 server"

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Romain Manni-Bucau

Test it because ajp is either the best or the worse regarding perf...
Le 10 déc. 2012 05:48, "Howard W. Smith, Jr."  a
écrit :

> For now, I just decided to delete all the webapps except mine (tomee,
> manager, host...), and that does the trick for me, since I'm not using
> those right now.
>
> One day, I would like to consider Apache httpd, Tomcat AJP, and APR, so I
> can have the best possible performance.
>
>
> On Sun, Dec 9, 2012 at 5:26 PM, Howard W. Smith, Jr. <
> smithh032...@gmail.com
> > wrote:
>
> > Jonathan,
> >
> > Thanks for the detailed response. Yes, you're right, I want port 4848
> > (tomee/admin web apps) only available to myself (LAN), and port 8080
> > (business webapp) available to LAN and WAN.
> >
> > I've done a lot of reading about apache httpd and tomcat, and for the
> most
> > part, I read that it's not necessary to run the two together, so I have
> not
> > done that yet (as I am new to Tomcat/TomEE), but if it is highly
> > recommended, then I might give it a try. Right now, TomEE is serving
> > dynamic web page content (JSF web app) to a small number of users at the
> > present. Hopefully, in the near future, the same web app (and tomEE) will
> > possibly serve static as well as dynamic web page content to customers.
> >
> > Most of what you mentioned below, I read recently (within last 2 or 3
> > hours) in Tomcat docs, since Romain advised me to look there.
> >
> > Right now, i have no need for tomee web app, and the other admin apps,
> but
> > I might find use for them in the near future. So, for right now, if I
> could
> > have tomee/admin web apps only on 4848 and business web app on 8080, then
> > I'm fine with that. Also, I have no need for load balancing at the
> present,
> > but may have a need for that some time in the future.
> >
> > It's interesting how much I'm learning by talking to and interfacing with
> > Apache committers and users. Learning a lot...and loving it! :)
> >
> > Thanks,
> > Howard
> >
> >
> > On Sun, Dec 9, 2012 at 4:26 PM, Jonathan Gallimore <
> > jonathan.gallim...@gmail.com> wrote:
> >
> >> Hi Howard,
> >>
> >> Sounds like you want to make your application available on
> >> http://localhost:8080/myapp, and have the usual Tomcat / TomEE
> >> administrative applications available via
> >> http://localhost:4848/[tomee|manager|etc]. Similarly, you don't want
> >> http://localhost:4848/myapp or http://localhost:8080[tomee|manager|etc]
> >> to
> >> work, with the overall goal being to restrict access to the admin apps
> to
> >> just your machine, or users on your LAN - is that correct?
> >>
> >> I have a couple of suggestions:
> >>
> >> You might be able to achieve this by defining different connectors,
> >> engines
> >> and hosts in server.xml. I haven't done it myself, but I'm happy to give
> >> it
> >> a try, document it and provide a sample config if that would be
> helpful. I
> >> found a couple of questions on StackOverflow trying to do something
> >> similar, albeit with Tomcat 6 that might be helpful:
> >>
> >>
> >>
> http://stackoverflow.com/questions/8823290/how-to-run-different-apps-on-single-tomcat-instance-behind-different-ports
> >>
> >>
> >>
> http://stackoverflow.com/questions/4366843/how-to-deploy-mutiple-web-application-in-tomcat-which-will-run-on-different-port
> >>
> >> I have a couple of alternative suggestions as well, that might be
> useful.
> >>
> >> First is to try the RemoteAddressFilter valve:
> >>
> >>
> http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter-
> >> we used to use this within the TomEE .war file to restrict access from
> >> everywhere except localhost. Everything would still be available on port
> >> 8080, but would access to specific apps would be allowed or blocked
> based
> >> on IP address.
> >>
> >> Alternatively, if you don't need the TomEE and Tomcat webapps, you can
> >> remove them (take a backup first!). To remove the TomEE webapp, copy the
> >> jars from $CATALINA_HOME/webapps/tomee/WEB-INF/lib
> >> and $CATALINA_HOME/webapps/tomee/lib to $CATALINA_HOME/lib and then
> remove
> >> the webapp (more info here: http://tomee.apache.org/tomee-webapp.html).
> >> The
> >> other webapps can safely be removed unless you are using them.
> >>
> >> The downside to this is that remote EJB invocation via HTTP won't work
> >> (i.e. if you are using a RemoteInitialContextFactory with a
> >> http://localhost:8080/tomee/ejb URL). You can still use this mechanism
> >> from
> >> within your own webapp if you wish by adding this to your web.xml:
> >>
> >> 
> >> ServerServlet
> >>
> >>
> org.apache.openejb.server.httpd.ServerServlet
> >> 
> >> 
> >> ServerServlet
> >> /ejb
> >> 
> >>
> >> You can then use http://localhost:8080/myapp/ejb to access your EJBs
> >> remotely.
> >>
> >> One final suggestion - use Apache httpd in front of TomEE and use
> >> mod_proxy
> >> to proxy to your app running on Tomcat's AJP port. Firewall off access
> to
> >> TomEE completely to the outside world, and only allow h

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Howard W. Smith, Jr.

For now, I just decided to delete all the webapps except mine (tomee,
manager, host...), and that does the trick for me, since I'm not using
those right now.

One day, I would like to consider Apache httpd, Tomcat AJP, and APR, so I
can have the best possible performance.


On Sun, Dec 9, 2012 at 5:26 PM, Howard W. Smith, Jr.  wrote:

> Jonathan,
>
> Thanks for the detailed response. Yes, you're right, I want port 4848
> (tomee/admin web apps) only available to myself (LAN), and port 8080
> (business webapp) available to LAN and WAN.
>
> I've done a lot of reading about apache httpd and tomcat, and for the most
> part, I read that it's not necessary to run the two together, so I have not
> done that yet (as I am new to Tomcat/TomEE), but if it is highly
> recommended, then I might give it a try. Right now, TomEE is serving
> dynamic web page content (JSF web app) to a small number of users at the
> present. Hopefully, in the near future, the same web app (and tomEE) will
> possibly serve static as well as dynamic web page content to customers.
>
> Most of what you mentioned below, I read recently (within last 2 or 3
> hours) in Tomcat docs, since Romain advised me to look there.
>
> Right now, i have no need for tomee web app, and the other admin apps, but
> I might find use for them in the near future. So, for right now, if I could
> have tomee/admin web apps only on 4848 and business web app on 8080, then
> I'm fine with that. Also, I have no need for load balancing at the present,
> but may have a need for that some time in the future.
>
> It's interesting how much I'm learning by talking to and interfacing with
> Apache committers and users. Learning a lot...and loving it! :)
>
> Thanks,
> Howard
>
>
> On Sun, Dec 9, 2012 at 4:26 PM, Jonathan Gallimore <
> jonathan.gallim...@gmail.com> wrote:
>
>> Hi Howard,
>>
>> Sounds like you want to make your application available on
>> http://localhost:8080/myapp, and have the usual Tomcat / TomEE
>> administrative applications available via
>> http://localhost:4848/[tomee|manager|etc]. Similarly, you don't want
>> http://localhost:4848/myapp or http://localhost:8080[tomee|manager|etc]
>> to
>> work, with the overall goal being to restrict access to the admin apps to
>> just your machine, or users on your LAN - is that correct?
>>
>> I have a couple of suggestions:
>>
>> You might be able to achieve this by defining different connectors,
>> engines
>> and hosts in server.xml. I haven't done it myself, but I'm happy to give
>> it
>> a try, document it and provide a sample config if that would be helpful. I
>> found a couple of questions on StackOverflow trying to do something
>> similar, albeit with Tomcat 6 that might be helpful:
>>
>>
>> http://stackoverflow.com/questions/8823290/how-to-run-different-apps-on-single-tomcat-instance-behind-different-ports
>>
>>
>> http://stackoverflow.com/questions/4366843/how-to-deploy-mutiple-web-application-in-tomcat-which-will-run-on-different-port
>>
>> I have a couple of alternative suggestions as well, that might be useful.
>>
>> First is to try the RemoteAddressFilter valve:
>>
>> http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter-
>> we used to use this within the TomEE .war file to restrict access from
>> everywhere except localhost. Everything would still be available on port
>> 8080, but would access to specific apps would be allowed or blocked based
>> on IP address.
>>
>> Alternatively, if you don't need the TomEE and Tomcat webapps, you can
>> remove them (take a backup first!). To remove the TomEE webapp, copy the
>> jars from $CATALINA_HOME/webapps/tomee/WEB-INF/lib
>> and $CATALINA_HOME/webapps/tomee/lib to $CATALINA_HOME/lib and then remove
>> the webapp (more info here: http://tomee.apache.org/tomee-webapp.html).
>> The
>> other webapps can safely be removed unless you are using them.
>>
>> The downside to this is that remote EJB invocation via HTTP won't work
>> (i.e. if you are using a RemoteInitialContextFactory with a
>> http://localhost:8080/tomee/ejb URL). You can still use this mechanism
>> from
>> within your own webapp if you wish by adding this to your web.xml:
>>
>> 
>> ServerServlet
>>
>> org.apache.openejb.server.httpd.ServerServlet
>> 
>> 
>> ServerServlet
>> /ejb
>> 
>>
>> You can then use http://localhost:8080/myapp/ejb to access your EJBs
>> remotely.
>>
>> One final suggestion - use Apache httpd in front of TomEE and use
>> mod_proxy
>> to proxy to your app running on Tomcat's AJP port. Firewall off access to
>> TomEE completely to the outside world, and only allow httpd to serve up
>> your app. There are loads of options in the Apache httpd server to
>> configure access control, and you can also use httpd to load balance
>> several Tomcat instances as well if you wish. You can also serve up static
>> parts of your webapp directly from httpd rather than forwarding from
>> Tomcat, which can be quicker. I could knock an example configuration of
>> this as well if tha

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Howard W. Smith, Jr.

Jonathan,

Thanks for the detailed response. Yes, you're right, I want port 4848
(tomee/admin web apps) only available to myself (LAN), and port 8080
(business webapp) available to LAN and WAN.

I've done a lot of reading about apache httpd and tomcat, and for the most
part, I read that it's not necessary to run the two together, so I have not
done that yet (as I am new to Tomcat/TomEE), but if it is highly
recommended, then I might give it a try. Right now, TomEE is serving
dynamic web page content (JSF web app) to a small number of users at the
present. Hopefully, in the near future, the same web app (and tomEE) will
possibly serve static as well as dynamic web page content to customers.

Most of what you mentioned below, I read recently (within last 2 or 3
hours) in Tomcat docs, since Romain advised me to look there.

Right now, i have no need for tomee web app, and the other admin apps, but
I might find use for them in the near future. So, for right now, if I could
have tomee/admin web apps only on 4848 and business web app on 8080, then
I'm fine with that. Also, I have no need for load balancing at the present,
but may have a need for that some time in the future.

It's interesting how much I'm learning by talking to and interfacing with
Apache committers and users. Learning a lot...and loving it! :)

Thanks,
Howard


On Sun, Dec 9, 2012 at 4:26 PM, Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:

> Hi Howard,
>
> Sounds like you want to make your application available on
> http://localhost:8080/myapp, and have the usual Tomcat / TomEE
> administrative applications available via
> http://localhost:4848/[tomee|manager|etc]. Similarly, you don't want
> http://localhost:4848/myapp or http://localhost:8080[tomee|manager|etc] to
> work, with the overall goal being to restrict access to the admin apps to
> just your machine, or users on your LAN - is that correct?
>
> I have a couple of suggestions:
>
> You might be able to achieve this by defining different connectors, engines
> and hosts in server.xml. I haven't done it myself, but I'm happy to give it
> a try, document it and provide a sample config if that would be helpful. I
> found a couple of questions on StackOverflow trying to do something
> similar, albeit with Tomcat 6 that might be helpful:
>
>
> http://stackoverflow.com/questions/8823290/how-to-run-different-apps-on-single-tomcat-instance-behind-different-ports
>
>
> http://stackoverflow.com/questions/4366843/how-to-deploy-mutiple-web-application-in-tomcat-which-will-run-on-different-port
>
> I have a couple of alternative suggestions as well, that might be useful.
>
> First is to try the RemoteAddressFilter valve:
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter-
> we used to use this within the TomEE .war file to restrict access from
> everywhere except localhost. Everything would still be available on port
> 8080, but would access to specific apps would be allowed or blocked based
> on IP address.
>
> Alternatively, if you don't need the TomEE and Tomcat webapps, you can
> remove them (take a backup first!). To remove the TomEE webapp, copy the
> jars from $CATALINA_HOME/webapps/tomee/WEB-INF/lib
> and $CATALINA_HOME/webapps/tomee/lib to $CATALINA_HOME/lib and then remove
> the webapp (more info here: http://tomee.apache.org/tomee-webapp.html).
> The
> other webapps can safely be removed unless you are using them.
>
> The downside to this is that remote EJB invocation via HTTP won't work
> (i.e. if you are using a RemoteInitialContextFactory with a
> http://localhost:8080/tomee/ejb URL). You can still use this mechanism
> from
> within your own webapp if you wish by adding this to your web.xml:
>
> 
> ServerServlet
>
> org.apache.openejb.server.httpd.ServerServlet
> 
> 
> ServerServlet
> /ejb
> 
>
> You can then use http://localhost:8080/myapp/ejb to access your EJBs
> remotely.
>
> One final suggestion - use Apache httpd in front of TomEE and use mod_proxy
> to proxy to your app running on Tomcat's AJP port. Firewall off access to
> TomEE completely to the outside world, and only allow httpd to serve up
> your app. There are loads of options in the Apache httpd server to
> configure access control, and you can also use httpd to load balance
> several Tomcat instances as well if you wish. You can also serve up static
> parts of your webapp directly from httpd rather than forwarding from
> Tomcat, which can be quicker. I could knock an example configuration of
> this as well if that would be helpful - if you're currently allowing users
> straight on to port 8080, this option might be worth a look.
>
> I'd be interested if others also put Apache httpd in front of Tomcat as
> well or not.
>
> Hope that helps!
>
> Jon
>
> On Sun, Dec 9, 2012 at 8:35 PM, Howard W. Smith, Jr. <
> smithh032...@gmail.com
> > wrote:
>
> > Sorry, i don't understand. The following is in my server.xml, I added the
> > port 4848, but if I go to localhost:4848 and localhost:808

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Jonathan Gallimore

Hi Howard,

Sounds like you want to make your application available on
http://localhost:8080/myapp, and have the usual Tomcat / TomEE
administrative applications available via
http://localhost:4848/[tomee|manager|etc]. Similarly, you don't want
http://localhost:4848/myapp or http://localhost:8080[tomee|manager|etc] to
work, with the overall goal being to restrict access to the admin apps to
just your machine, or users on your LAN - is that correct?

I have a couple of suggestions:

You might be able to achieve this by defining different connectors, engines
and hosts in server.xml. I haven't done it myself, but I'm happy to give it
a try, document it and provide a sample config if that would be helpful. I
found a couple of questions on StackOverflow trying to do something
similar, albeit with Tomcat 6 that might be helpful:

http://stackoverflow.com/questions/8823290/how-to-run-different-apps-on-single-tomcat-instance-behind-different-ports

http://stackoverflow.com/questions/4366843/how-to-deploy-mutiple-web-application-in-tomcat-which-will-run-on-different-port

I have a couple of alternative suggestions as well, that might be useful.

First is to try the RemoteAddressFilter valve:
http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter-
we used to use this within the TomEE .war file to restrict access from
everywhere except localhost. Everything would still be available on port
8080, but would access to specific apps would be allowed or blocked based
on IP address.

Alternatively, if you don't need the TomEE and Tomcat webapps, you can
remove them (take a backup first!). To remove the TomEE webapp, copy the
jars from $CATALINA_HOME/webapps/tomee/WEB-INF/lib
and $CATALINA_HOME/webapps/tomee/lib to $CATALINA_HOME/lib and then remove
the webapp (more info here: http://tomee.apache.org/tomee-webapp.html). The
other webapps can safely be removed unless you are using them.

The downside to this is that remote EJB invocation via HTTP won't work
(i.e. if you are using a RemoteInitialContextFactory with a
http://localhost:8080/tomee/ejb URL). You can still use this mechanism from
within your own webapp if you wish by adding this to your web.xml:

ServerServlet
org.apache.openejb.server.httpd.ServerServlet

ServerServlet
/ejb

You can then use http://localhost:8080/myapp/ejb to access your EJBs
remotely.

One final suggestion - use Apache httpd in front of TomEE and use mod_proxy
to proxy to your app running on Tomcat's AJP port. Firewall off access to
TomEE completely to the outside world, and only allow httpd to serve up
your app. There are loads of options in the Apache httpd server to
configure access control, and you can also use httpd to load balance
several Tomcat instances as well if you wish. You can also serve up static
parts of your webapp directly from httpd rather than forwarding from
Tomcat, which can be quicker. I could knock an example configuration of
this as well if that would be helpful - if you're currently allowing users
straight on to port 8080, this option might be worth a look.

I'd be interested if others also put Apache httpd in front of Tomcat as
well or not.

Hope that helps!

Jon

On Sun, Dec 9, 2012 at 8:35 PM, Howard W. Smith, Jr.  wrote:

> Sorry, i don't understand. The following is in my server.xml, I added the
> port 4848, but if I go to localhost:4848 and localhost:8080 in my browser,
> then I'm seeing the same 'tomcat' page that has a way for hackers to click
> on TomEE Gui, Server Status, Manager App, and Host manager. I only want to
> see that page when access localhost:4848, I do not want to see that page
> when accessing localhost:8080.
>
>
> connectionTimeout="2"
>redirectPort="8443" />
> 
> port="4848" protocol="HTTP/1.1"
>connectionTimeout="2"
>redirectPort="8443" />
>
>
> On Sun, Dec 9, 2012 at 11:30 AM, Romain Manni-Bucau
> wrote:
>
> > Just look tomcat site. Basically connector(s) ports and shutdown port
> > ( and < Connector>)
> > Le 9 déc. 2012 17:26, "Howard W. Smith, Jr."  a
> > écrit :
> >
> > > Can you reply with a URL or two that advises how to configure
> server.xml?
> > > thanks.
> > >
> > >
> > > On Sun, Dec 9, 2012 at 11:23 AM, Romain Manni-Bucau
> > > wrote:
> > >
> > > > That's right, tomee webapp only serve for default ejbd (remote ejb
> > > > transport).
> > > >
> > > > For port just update server.xml
> > > > Le 9 déc. 2012 17:20, "Howard W. Smith, Jr."  >
> > a
> > > > écrit :
> > > >
> > > > > Romain,
> > > > >
> > > > > I have TomEE 1.5.1 running on production server, and I am getting
> > > > > hack-attempts late at night (midnight) by someone, trying to login
> to
> > > > > 'admin' acct of TomEE (tomcat7).  I have a strong password and a
> > > > different
> > > > > admin-user-name in place.
> > > > >
> > > > > I really would like to change configuration to put the tomee app on
> > > > > localhost:4848 (port 4848) instead of

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Howard W. Smith, Jr.

Sorry, i don't understand. The following is in my server.xml, I added the
port 4848, but if I go to localhost:4848 and localhost:8080 in my browser,
then I'm seeing the same 'tomcat' page that has a way for hackers to click
on TomEE Gui, Server Status, Manager App, and Host manager. I only want to
see that page when access localhost:4848, I do not want to see that page
when accessing localhost:8080.







On Sun, Dec 9, 2012 at 11:30 AM, Romain Manni-Bucau
wrote:

> Just look tomcat site. Basically connector(s) ports and shutdown port
> ( and < Connector>)
> Le 9 déc. 2012 17:26, "Howard W. Smith, Jr."  a
> écrit :
>
> > Can you reply with a URL or two that advises how to configure server.xml?
> > thanks.
> >
> >
> > On Sun, Dec 9, 2012 at 11:23 AM, Romain Manni-Bucau
> > wrote:
> >
> > > That's right, tomee webapp only serve for default ejbd (remote ejb
> > > transport).
> > >
> > > For port just update server.xml
> > > Le 9 déc. 2012 17:20, "Howard W. Smith, Jr." 
> a
> > > écrit :
> > >
> > > > Romain,
> > > >
> > > > I have TomEE 1.5.1 running on production server, and I am getting
> > > > hack-attempts late at night (midnight) by someone, trying to login to
> > > > 'admin' acct of TomEE (tomcat7).  I have a strong password and a
> > > different
> > > > admin-user-name in place.
> > > >
> > > > I really would like to change configuration to put the tomee app on
> > > > localhost:4848 (port 4848) instead of port 80 or 8080.
> > > >
> > > > I have not been successful at this yet. I think I read in tomee or
> > > tomcat7
> > > > user guide, that I can delete the tomee app? I can also delete
> > > manager/etc
> > > > apps as well, so they won't even be served. Right?
> > > >
> > > > Howard
> > > >
> > > >
> > > > On Tue, Nov 27, 2012 at 6:06 AM, Romain Manni-Bucau
> > > > wrote:
> > > >
> > > > > By default in dev more you should get tomee user (but only to
> access
> > > > tomee
> > > > > webapp, not tomcat one)
> > > > >
> > > > > if you set openejb.profile to something else (system property)
> you'll
> > > > need
> > > > > to define it explicitely
> > > > >
> > > > > *Romain Manni-Bucau*
> > > > > *Twitter: @rmannibucau *
> > > > > *Blog: **http://rmannibucau.wordpress.com/*<
> > > > > http://rmannibucau.wordpress.com/>
> > > > > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
> > > > > *Github: https://github.com/rmannibucau*
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > 2012/11/27 Howard W. Smith, Jr. 
> > > > >
> > > > > > Wow, check this out. I'm so glad that you all ship tomee.xml with
> > all
> > > > > > users/passwords 'commented out'! :)
> > > > > >
> > > > > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> > > "manager"
> > > > > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> > > "manager"
> > > > > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> > "role1"
> > > > > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> > "role1"
> > > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> "root"
> > > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> "root"
> > > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> "root"
> > > > > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> > "tomcat"
> > > > > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> > "tomcat"
> > > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> "both"
> > > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> "both"
> > > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > > > authenticate
> > > > > > WARNING: An attempt was made to authenticate the locked user
> "both"
> > > > > >
> > > > > > 88.191.100.2 - - [27/Nov/2012:05:47:58 -0500] "HEAD /manager/html
> > > > > HTTP/1.0"
> > > > > > 401 -
> > > > > > 88.191.100

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Romain Manni-Bucau

Just look tomcat site. Basically connector(s) ports and shutdown port
( and < Connector>)
Le 9 déc. 2012 17:26, "Howard W. Smith, Jr."  a
écrit :

> Can you reply with a URL or two that advises how to configure server.xml?
> thanks.
>
>
> On Sun, Dec 9, 2012 at 11:23 AM, Romain Manni-Bucau
> wrote:
>
> > That's right, tomee webapp only serve for default ejbd (remote ejb
> > transport).
> >
> > For port just update server.xml
> > Le 9 déc. 2012 17:20, "Howard W. Smith, Jr."  a
> > écrit :
> >
> > > Romain,
> > >
> > > I have TomEE 1.5.1 running on production server, and I am getting
> > > hack-attempts late at night (midnight) by someone, trying to login to
> > > 'admin' acct of TomEE (tomcat7).  I have a strong password and a
> > different
> > > admin-user-name in place.
> > >
> > > I really would like to change configuration to put the tomee app on
> > > localhost:4848 (port 4848) instead of port 80 or 8080.
> > >
> > > I have not been successful at this yet. I think I read in tomee or
> > tomcat7
> > > user guide, that I can delete the tomee app? I can also delete
> > manager/etc
> > > apps as well, so they won't even be served. Right?
> > >
> > > Howard
> > >
> > >
> > > On Tue, Nov 27, 2012 at 6:06 AM, Romain Manni-Bucau
> > > wrote:
> > >
> > > > By default in dev more you should get tomee user (but only to access
> > > tomee
> > > > webapp, not tomcat one)
> > > >
> > > > if you set openejb.profile to something else (system property) you'll
> > > need
> > > > to define it explicitely
> > > >
> > > > *Romain Manni-Bucau*
> > > > *Twitter: @rmannibucau *
> > > > *Blog: **http://rmannibucau.wordpress.com/*<
> > > > http://rmannibucau.wordpress.com/>
> > > > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
> > > > *Github: https://github.com/rmannibucau*
> > > >
> > > >
> > > >
> > > >
> > > > 2012/11/27 Howard W. Smith, Jr. 
> > > >
> > > > > Wow, check this out. I'm so glad that you all ship tomee.xml with
> all
> > > > > users/passwords 'commented out'! :)
> > > > >
> > > > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user
> > "manager"
> > > > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user
> > "manager"
> > > > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user
> "role1"
> > > > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user
> "role1"
> > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user
> "tomcat"
> > > > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user
> "tomcat"
> > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > > authenticate
> > > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > > >
> > > > > 88.191.100.2 - - [27/Nov/2012:05:47:58 -0500] "HEAD /manager/html
> > > > HTTP/1.0"
> > > > > 401 -
> > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > > HTTP/1.0"
> > > > > 401 -
> > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > > HTTP/1.0"
> > > > > 401 -
> > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > > HTTP/1.0"
> > > > > 401 -
> > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > > HTTP/1.0"
> > > > > 401 -
> > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > > HTTP/1.0"
> > > > > 401 -
> > > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > > > HTTP/1.0"
> > > > > 401 -
> > > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > > > H

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Howard W. Smith, Jr.

Can you reply with a URL or two that advises how to configure server.xml?
thanks.


On Sun, Dec 9, 2012 at 11:23 AM, Romain Manni-Bucau
wrote:

> That's right, tomee webapp only serve for default ejbd (remote ejb
> transport).
>
> For port just update server.xml
> Le 9 déc. 2012 17:20, "Howard W. Smith, Jr."  a
> écrit :
>
> > Romain,
> >
> > I have TomEE 1.5.1 running on production server, and I am getting
> > hack-attempts late at night (midnight) by someone, trying to login to
> > 'admin' acct of TomEE (tomcat7).  I have a strong password and a
> different
> > admin-user-name in place.
> >
> > I really would like to change configuration to put the tomee app on
> > localhost:4848 (port 4848) instead of port 80 or 8080.
> >
> > I have not been successful at this yet. I think I read in tomee or
> tomcat7
> > user guide, that I can delete the tomee app? I can also delete
> manager/etc
> > apps as well, so they won't even be served. Right?
> >
> > Howard
> >
> >
> > On Tue, Nov 27, 2012 at 6:06 AM, Romain Manni-Bucau
> > wrote:
> >
> > > By default in dev more you should get tomee user (but only to access
> > tomee
> > > webapp, not tomcat one)
> > >
> > > if you set openejb.profile to something else (system property) you'll
> > need
> > > to define it explicitely
> > >
> > > *Romain Manni-Bucau*
> > > *Twitter: @rmannibucau *
> > > *Blog: **http://rmannibucau.wordpress.com/*<
> > > http://rmannibucau.wordpress.com/>
> > > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
> > > *Github: https://github.com/rmannibucau*
> > >
> > >
> > >
> > >
> > > 2012/11/27 Howard W. Smith, Jr. 
> > >
> > > > Wow, check this out. I'm so glad that you all ship tomee.xml with all
> > > > users/passwords 'commented out'! :)
> > > >
> > > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user
> "manager"
> > > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user
> "manager"
> > > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "role1"
> > > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "role1"
> > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "tomcat"
> > > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "tomcat"
> > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > > authenticate
> > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > >
> > > > 88.191.100.2 - - [27/Nov/2012:05:47:58 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> > > HTTP/1.0"
> > > > 401 -
> > > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /ma

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Romain Manni-Bucau

That's right, tomee webapp only serve for default ejbd (remote ejb
transport).

For port just update server.xml
Le 9 déc. 2012 17:20, "Howard W. Smith, Jr."  a
écrit :

> Romain,
>
> I have TomEE 1.5.1 running on production server, and I am getting
> hack-attempts late at night (midnight) by someone, trying to login to
> 'admin' acct of TomEE (tomcat7).  I have a strong password and a different
> admin-user-name in place.
>
> I really would like to change configuration to put the tomee app on
> localhost:4848 (port 4848) instead of port 80 or 8080.
>
> I have not been successful at this yet. I think I read in tomee or tomcat7
> user guide, that I can delete the tomee app? I can also delete manager/etc
> apps as well, so they won't even be served. Right?
>
> Howard
>
>
> On Tue, Nov 27, 2012 at 6:06 AM, Romain Manni-Bucau
> wrote:
>
> > By default in dev more you should get tomee user (but only to access
> tomee
> > webapp, not tomcat one)
> >
> > if you set openejb.profile to something else (system property) you'll
> need
> > to define it explicitely
> >
> > *Romain Manni-Bucau*
> > *Twitter: @rmannibucau *
> > *Blog: **http://rmannibucau.wordpress.com/*<
> > http://rmannibucau.wordpress.com/>
> > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
> > *Github: https://github.com/rmannibucau*
> >
> >
> >
> >
> > 2012/11/27 Howard W. Smith, Jr. 
> >
> > > Wow, check this out. I'm so glad that you all ship tomee.xml with all
> > > users/passwords 'commented out'! :)
> > >
> > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "manager"
> > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "manager"
> > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "role1"
> > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "role1"
> > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "root"
> > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "root"
> > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "root"
> > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "tomcat"
> > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "tomcat"
> > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "both"
> > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "both"
> > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> > authenticate
> > > WARNING: An attempt was made to authenticate the locked user "both"
> > >
> > > 88.191.100.2 - - [27/Nov/2012:05:47:58 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> > HTTP/1.0"
> > > 401 -
> > > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /mana

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-12-09 Thread Howard W. Smith, Jr.

Romain,

I have TomEE 1.5.1 running on production server, and I am getting
hack-attempts late at night (midnight) by someone, trying to login to
'admin' acct of TomEE (tomcat7).  I have a strong password and a different
admin-user-name in place.

I really would like to change configuration to put the tomee app on
localhost:4848 (port 4848) instead of port 80 or 8080.

I have not been successful at this yet. I think I read in tomee or tomcat7
user guide, that I can delete the tomee app? I can also delete manager/etc
apps as well, so they won't even be served. Right?

Howard


On Tue, Nov 27, 2012 at 6:06 AM, Romain Manni-Bucau
wrote:

> By default in dev more you should get tomee user (but only to access tomee
> webapp, not tomcat one)
>
> if you set openejb.profile to something else (system property) you'll need
> to define it explicitely
>
> *Romain Manni-Bucau*
> *Twitter: @rmannibucau *
> *Blog: **http://rmannibucau.wordpress.com/*<
> http://rmannibucau.wordpress.com/>
> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
> *Github: https://github.com/rmannibucau*
>
>
>
>
> 2012/11/27 Howard W. Smith, Jr. 
>
> > Wow, check this out. I'm so glad that you all ship tomee.xml with all
> > users/passwords 'commented out'! :)
> >
> > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "manager"
> > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "manager"
> > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "role1"
> > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "role1"
> > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "root"
> > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "root"
> > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "root"
> > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "tomcat"
> > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "tomcat"
> > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "both"
> > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "both"
> > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm
> authenticate
> > WARNING: An attempt was made to authenticate the locked user "both"
> >
> > 88.191.100.2 - - [27/Nov/2012:05:47:58 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html
> HTTP/1.0"
> > 401 -
> > 88.191.100.

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

2012-11-27 Thread Romain Manni-Bucau

By default in dev more you should get tomee user (but only to access tomee
webapp, not tomcat one)

if you set openejb.profile to something else (system property) you'll need
to define it explicitely

*Romain Manni-Bucau*
*Twitter: @rmannibucau *
*Blog: **http://rmannibucau.wordpress.com/*
*LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*




2012/11/27 Howard W. Smith, Jr. 

> Wow, check this out. I'm so glad that you all ship tomee.xml with all
> users/passwords 'commented out'! :)
>
> Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "manager"
> Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "manager"
> Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "role1"
> Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "role1"
> Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "root"
> Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "root"
> Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "root"
> Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "tomcat"
> Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "tomcat"
> Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "both"
> Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "both"
> Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm authenticate
> WARNING: An attempt was made to authenticate the locked user "both"
>
> 88.191.100.2 - - [27/Nov/2012:05:47:58 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD /manager/html HTTP/1.0"
> 401 -
> 88.191.100.2 - - [27/Nov/

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

Re: TomEE/catalina log showing that someone trying to hack into my TomEE/tomcat7 server

10 matches

Site Navigation

Mail list logo

Footer information