Then contact your ISP's abuse center and tell them that a machine on their network is infected. That's the only way it will go away, otherwise you will keep seeing it.
John
Antony paul wrote:
Althoug it is an intranet application Tomcat is listening on the public IP address accessible from internet(temporary arrangement) and the IP address in the log is out side the intranet but of same ISP. The IIS is not running but we have some other web server program(probably apache) which listens on this IP address. ----- Original Message ----- From: "Ralph Einfeldt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, August 12, 2003 2:08 PM Subject: RE: [OT] Some one executing windows commands in Tomcat 4.1.18.
There is someone from xx.xx.xx.xx trying to use an IIS vulnerability. If it's realy intranet your admin should have a look at the offending pc if it is infected by a virus. (Not shure out of the head if this is nimda, code red or what else)
This vulnerability is not affecting tomcat.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
