Seems like the infection was related to the loose (default) password
of the manager app. I suppose changing that fixed the problem.
On Thu, Jan 22, 2009 at 4:26 PM, Toby Kurien wrote:
> thanks. I only need ROOT and myApp (which is my application). I am the
> developer, admin, everything. A
thanks. I only need ROOT and myApp (which is my application). I am the
developer, admin, everything. And yes, we moved between physical
server racks that actually host Virtual environments.
On Thu, Jan 22, 2009 at 3:15 PM, Gregor Schneider wrote:
>>
>> Moving servers mean we moved it physically f
.
On Thu, Jan 22, 2009 at 12:14 PM, Gregor Schneider
wrote:
> Toby,
>
> On Thu, Jan 22, 2009 at 5:27 PM, Toby Kurien wrote:
>> Thanks Gregor. We are looking at setting up in Linux, but that is
>> going to take longer to get a LIVE environment up and running. I have
>>
t 4:39 PM, Toby Kurien wrote:
>
>> [ Tomcat hacked ]
>
> Basic lesson concerning security:
>
> If a system is once compromised, there is only one option:
>
> Dump it and set it up vanilla.
>
> Why?
>
> It's because you have no idea what additional mal
> Are you up to date on your Windows patches?
>
>
>
>
> ________
> From: Toby Kurien
> To: users@tomcat.apache.org
> Sent: Thursday, January 22, 2009 9:16:46 AM
> Subject: SECURITY breach in Tomcat
>
> Hi,
> I have a webapp for my c
Hi,
I have a webapp for my company that has been running for several
years. Recently, we got infected by a trojan or virus and this has
been causing a lot of abnormal behavior. The trojan creates user
accounts in Windows and also creates web applications like safee.war
and zhu.war into the webapps
;reserved" for a while after it was
> bound as a listening port.
>
> Hope this is a pointer in the right direction.
>
> Best regards
> Stefan
>
> -Ursprüngliche Nachricht-
> Von: Toby Kurien [mailto:[EMAIL PROTECTED]
> Gesendet: Donnerstag, 4. Dezember 2008 1
Hi,
Here's the weirdest thing I have found now. If I restart the service
from "Services" in computer management, it restarts fine, but if I
click Stop and then Start after a 30 second delay, the same error as
before happens which is:
Dec 3, 2008 8:39:31 PM org.apache.coyote.http11.Http11AprProtoco
ices --> I
>
> Find the process named IIS Admin and right click to Stop it.
>
> jus my 2 cents.
>
> On Fri, Nov 21, 2008 at 10:36 AM, Toby Kurien <[EMAIL PROTECTED]> wrote:
>
>> Telnet does not work and netstat does not show anything suspicious.
>> Only the web
.
> --
> Len
>
>
>
> On Thu, Nov 20, 2008 at 14:47, Toby Kurien <[EMAIL PROTECTED]> wrote:
>> Well, I have had this application for many years and usually
>> restarting the whole server fixes anything, but not this time. I
>> figure something is holding on to po
On Wed, Nov 19, 2008 at 2:59 PM, Caldarale, Charles R
<[EMAIL PROTECTED]> wrote:
>> From: Toby Kurien [mailto:[EMAIL PROTECTED]
>> Subject: java.lang.Exception: Socket bind failed: [730048]
>>
>> I have attached a log file of the errors I am
>> getting while
Hi Everybody,
I have been using Apache Tomcat 5.5.23 with Java 1.5.0_12. OS is Windown Server
2003. Tomcat connects to an Informix database and I have been using this
application at my company without any major issues so far for more than 2
years. Lately we noticed some suspicious activities report
12 matches
Mail list logo