Re: SECURITY breach in Tomcat

2009-01-29 Thread Mark Thomas
Toby Kurien wrote: Seems like the infection was related to the loose (default) password of the manager app. I suppose changing that fixed the problem. There is *no* default password for the manager application. You have to configure it yourself. If you have a Tomcat distribution that does have

RE: SECURITY breach in Tomcat

2009-01-28 Thread Hubert de Heer
Hi, If you really, really need the manager webapp, you can restrict access to that one not only by password but also by source IP, e.g. access is only allowed from your office IP. In server.xml: <Context path="/manager" docBase="${catalina.home}/server/webapps/manager" debug="0" privileged="true"
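The Context fragment above is cut off in the archive; the following is an added example (not Hubert's or Tomcat's own text) of what such a restriction looks like in Tomcat 6.x: a RemoteAddrValve inside the manager Context, so a request from a non-allowed address is rejected before the manager password is ever challenged. The docBase is the one quoted in the thread; the office address 203.0.113.x is a constructed placeholder.

```xml
<!-- Added example, not from the thread. Tomcat 6.x manager Context with an
     IP allowlist in front of the password-protected manager webapp. -->
<Context path="/manager" docBase="${catalina.home}/server/webapps/manager"
         debug="0" privileged="true">
  <!-- RemoteAddrValve compares the client IP against a regular expression.
       203.0.113.x is a constructed placeholder for the office range; the
       loopback address is kept so local administration still works.
       Anyone else gets a 403 before authentication is attempted. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="203\.0\.113\.\d+|127\.0\.0\.1" />
</Context>
```

Tomcat's own documentation prefers placing this Context in conf/Catalina/localhost/manager.xml rather than in server.xml; and if the manager webapp is not needed at all, removing it, as the rest of the thread advises, is the stronger option.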

Re: SECURITY breach in Tomcat

2009-01-28 Thread Christopher Schultz
Hubert, Hubert de Heer wrote: If you really, really need the manager webapp, you can restrict access to that one not only by password but also by source IP, e.g. access is only allowed from your office IP. In server.xml: Context

Re: SECURITY breach in Tomcat

2009-01-26 Thread Toby Kurien
Seems like the infection was related to the loose (default) password of the manager app. I suppose changing that fixed the problem. On Thu, Jan 22, 2009 at 4:26 PM, Toby Kurien tobyis7...@gmail.com wrote: thanks. I only need ROOT and myApp (which is my application). I am the developer, admin,

Re: SECURITY breach in Tomcat

2009-01-22 Thread Brian Clark
What version of Tomcat are you using? What version of the JVM? What version of Windows? Are you up to date on your Windows patches? From: Toby Kurien tobyis7...@gmail.com To: users@tomcat.apache.org Sent: Thursday, January 22, 2009 9:16:46 AM Subject:

Re: SECURITY breach in Tomcat

2009-01-22 Thread Joseph Millet
Not sure this would be useful in your case http://mail-archives.apache.org/mod_mbox/tomcat-users/200810.mbox/%3c19811090.p...@talk.nabble.com%3e There seem to be issues with the app manager and Windows running Tomcat. On Thu, Jan 22, 2009 at 4:30 PM, Brian Clark brianclar...@yahoo.com wrote:

Re: SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
Tomcat is 6.0.18, JVM is 1.5.0_12-b04, Windows Server 2003. We got the latest patches from Microsoft regarding some similar security breaches. On Thu, Jan 22, 2009 at 10:30 AM, Brian Clark brianclar...@yahoo.com wrote: What version of Tomcat are you using? What version of the JVM? What version of

Re: SECURITY breach in Tomcat

2009-01-22 Thread Gregor Schneider
On Thu, Jan 22, 2009 at 4:39 PM, Toby Kurien tobyis7...@gmail.com wrote: [ Tomcat hacked ] Basic lesson concerning security: If a system is once compromised, there is only one option: Dump it and set it up vanilla. Why? It's because you have no idea what additional malware has been

Re: SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
Thanks Gregor. We are looking at setting up in Linux, but that is going to take longer to get a LIVE environment up and running. I have in the past already set up Tomcat from scratch 2-3 times and the infection just keeps coming. The only open port is 80 and network access is disabled. In fact, one of

Re: SECURITY breach in Tomcat

2009-01-22 Thread Len Popp
This sounds like an attack that has been seen before: http://markmail.org/message/jrqw75yw3d3xh3p6 That message also has tips on tightening security. In those cases it seems that the security hole was a weak password for the manager webapp. -- Len On Thu, Jan 22, 2009 at 10:16, Toby Kurien

Re: SECURITY breach in Tomcat

2009-01-22 Thread Brian Clark
From: Len Popp len.p...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, January 22, 2009 10:27:31 AM Subject: Re: SECURITY breach in Tomcat This sounds like an attack that has been seen before: http://markmail.org/message/jrqw75yw3d3xh3p6

Re: SECURITY breach in Tomcat

2009-01-22 Thread Gregor Schneider
Toby, On Thu, Jan 22, 2009 at 5:27 PM, Toby Kurien tobyis7...@gmail.com wrote: Thanks Gregor. We are looking at setting up in Linux, but that is going to take longer to get a LIVE environment up and running. I have in the past already setup Tomcat from scratch 2-3 times and the infection just

Re: SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
Yeah, I rebuild the server from scratch. Fortunately, we have virtual machines so we can revert to a factory build by just reverting to a snapshot. That is the same as moving to a fresh OS without anything installed. Moving servers means we moved it physically from one box to another. IP and DNS stays the

Re: SECURITY breach in Tomcat

2009-01-22 Thread Len Popp
Yes, you should remove all other webapps (manager, examples, etc.) You can remove ROOT too, unless you've put files in there that you need to serve. -- Len On Thu, Jan 22, 2009 at 14:50, Toby Kurien tobyis7...@gmail.com wrote: Yeah, I rebuild the server from scratch. Fortunately, we have virtual

Re: SECURITY breach in Tomcat

2009-01-22 Thread Gregor Schneider
Moving servers means we moved it physically from one box to another. IP and DNS stay the same when we move. Btw: Can I take off all the apps from webapps, except ROOT and myApp? A hacker or virus is probably exploiting some vulnerability in them. As of now, tomcat is running after restarting

Re: SECURITY breach in Tomcat

2009-01-22 Thread Toby Kurien
Thanks. I only need ROOT and myApp (which is my application). I am the developer, admin, everything. And yes, we moved between physical server racks that actually host virtual environments. On Thu, Jan 22, 2009 at 3:15 PM, Gregor Schneider rc4...@googlemail.com wrote: Moving servers mean we